23 matches found
Cxuucms 跨站脚本漏洞
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. CXUUCMS 3.1 suffers from a reflective cross-site scripting vulnerability. Attackers can use the vulnerability to inject arbitrary Web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
PT-2020-16565 · Emby · Emby Server
Name of the Vulnerable Software and Affected Versions: Emby Server versions prior to 4.5.0 Description: The issue allows for Server-Side Request Forgery SSRF via the ImageURL parameter in the Items/RemoteSearch/Image endpoint. This means an attacker could potentially force the server to make...
Khan Academy: OPEN URL REDIRECT through PNG files
An abuse of the imageurl parameter when saving a CS program was able to create an arbitrary external redirect. We now validate the parameter before using it. I have found a way through which an attacker can use png files to redirect to malicious domain...