6 matches found
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing features, which allows an attacker with back-office editor or administrator privilege...
GHSA-2MX6-FQ24-G2MH ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...
ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...
MAL-2025-1191 Malicious code in update_image_asset (npm)
Source: ghsa-malware 23a245eb7d761ba61f0ab7db2cc504abb690a09fb1fe2b995535390a48facab3. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-42183
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/api/asset/image/...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu, Inc. has released security updates for Cybozu Garoon. CyVDB-2083 Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580; CyVDB-2451 Path traversal vulnerability on the portal - CVE-2020-5581; CyVDB-2097 Vulnerability to bypass operation...