Lucene search
K

211 matches found

Drupal
Drupal
added 2024/10/16 12:0 a.m.26 views

Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002

Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site. The issue is mitigated by the fact that several non-defau...

5.9CVSS6.3AI score0.00375EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.6 views

PT-2024-39316 · WordPress · Category Icon

Name of the Vulnerable Software and Affected Versions: Category Icon plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticate...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.4 views

PT-2024-39444 · WordPress · Mapplic Lite

Name of the Vulnerable Software and Affected Versions: Mapplic Lite plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers wi...

6.4CVSS6.2AI score0.00298EPSS
Exploits0References9
Snyk
Snyk
added 2024/09/18 3:47 p.m.2 views

Cross-site Scripting (XSS)

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the image upload functionality. An attacker can execute arbitrary JavaScript on behalf o...

5.4CVSS5.9AI score
Exploits0References2
CNNVD
CNNVD
added 2024/06/18 12:0 a.m.5 views

Magbanua Beach Resort Online Reservation System Code Issue Vulnerability

Magbanua Beach Resort Online Reservation System is itsourcecode open source a beach resort hotel online reservation system Magbanua Beach Resort Online Reservation System 1.0 and earlier versions have a code issue vulnerability, the vulnerability stems from the parameter image in the file...

9.8CVSS6.9AI score0.00801EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.6 views

PT-2024-27089 · Unknown · Aegon Life

Name of the Vulnerable Software and Affected Versions: Aegon Life version 1.0 Description: An arbitrary file upload vulnerability allows attackers to execute arbitrary code via uploading a crafted image file. This issue arises due to improper input validation, enabling attackers to upload malicio...

8.1CVSS8.2AI score0.00581EPSS
Exploits3References6
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.5 views

Bakery Online Ordering System Code Issue Vulnerability

Bakery Online Ordering System is a bakery online ordering system by janobe individual developer. A code issue vulnerability exists in Bakery Online Ordering System version 1.0, which stems from /admin/modules/product/controller.php containing an unknown function that causes unrestricted uploads v...

9.8CVSS7.1AI score0.00867EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/05/30 7:49 p.m.28 views

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field...

6.4CVSS6.9AI score0.00283EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.7 views

PT-2024-23072 · 10Web +1 · Photo Gallery

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The image upload component is affected by an issue where it allows SVG files, and the regular expression used to remove script tags can be bypassed. Thi...

5.4CVSS6.5AI score0.00431EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2024/01/26 9:35 a.m.396 views

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...

8.9AI score
Exploits1
CNNVD
CNNVD
added 2024/01/08 12:0 a.m.6 views

WordPress Plugin Ni Purchase Order(PO) For WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS7AI score0.00876EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/01/04 12:0 a.m.5 views

PT-2024-15001 · Unknown · Class.Upload.Php

Name of the Vulnerable Software and Affected Versions: class.upload.php affected versions not specified Description: The issue is related to a stored XSS vulnerability in the default configuration of class.upload.php, a PHP library for managing image uploads. This vulnerability occurs because the...

6.5CVSS6AI score0.00436EPSS
Exploits0References10
OSV
OSV
added 2023/12/21 3:15 p.m.5 views

CVE-2023-48114

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name...

5.4CVSS5.8AI score0.00355EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/11/21 12:0 a.m.18 views

PT-2023-30910 · Unknown · Statamic Cms

Name of the Vulnerable Software and Affected Versions: Statamic CMS versions prior to 3.4.15 and 4.36.0 Description: The issue allows HTML files crafted to look like images to be uploaded, bypassing mime validation. This is applicable on front-end forms using the "Forms" feature with an assets...

7.5CVSS6.4AI score0.007EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.10 views

CVE-2022-3342 Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRMCSVImporterLitehtmlapp' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...

7.5CVSS7.3AI score0.00977EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/21 5:4 p.m.32 views

Zope vulnerable to Stored Cross Site Scripting with SVG images

Impact There is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user...

5.4CVSS6.1AI score0.00599EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.17 views

FreeBSD : py-wagtail -- DoS vulnerability (2def7c4b-736f-4754-9f03-236fcb586d91)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2def7c4b-736f-4754-9f03-236fcb586d91 advisory. - Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2....

4.9CVSS5.3AI score0.0107EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.5 views

WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Drag and Drop & Multiple Image Uploads With Preview For WPForms Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

6.3AI score0.00284EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.34 views

CVE-2023-1169 OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4.3CVSS6.6AI score0.00573EPSS
Exploits0References3
NVD
NVD
added 2023/06/07 2:15 a.m.16 views

CVE-2020-36703

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

6.4CVSS5.7AI score0.0048EPSS
Exploits1References2
Rows per page
Query Builder