Lucene search
+L

216 matches found

github
github
added 2023/09/21 5:4 p.m.34 views

Zope vulnerable to Stored Cross Site Scripting with SVG images

Impact There is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user...

5.4CVSS6.1AI score0.00599EPSS
Exploits1References6Affected Software1
nessus
nessus
added 2023/08/31 12:0 a.m.17 views

FreeBSD : py-wagtail -- DoS vulnerability (2def7c4b-736f-4754-9f03-236fcb586d91)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2def7c4b-736f-4754-9f03-236fcb586d91 advisory. - Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2....

4.9CVSS5.3AI score0.0107EPSS
Exploits0References3
patchstack
patchstack
added 2023/07/18 12:0 a.m.6 views

WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Drag and Drop & Multiple Image Uploads With Preview For WPForms Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

6.3AI score0.00284EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/06/09 5:33 a.m.34 views

CVE-2023-1169 OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4.3CVSS6.6AI score0.00573EPSS
Exploits0References3
nvd
nvd
added 2023/06/07 2:15 a.m.17 views

CVE-2020-36703

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

6.4CVSS5.7AI score0.0048EPSS
Exploits1References2
osv
osv
added 2023/06/07 2:15 a.m.6 views

CVE-2020-36703

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

5.4CVSS5.9AI score0.0048EPSS
Exploits1References2
prion
prion
added 2023/06/07 2:15 a.m.18 views

Cross site scripting

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

4.9CVSS5AI score0.0048EPSS
Exploits1References2Affected Software1
cve
cve
added 2023/06/07 1:51 a.m.51 views

CVE-2020-36703

The CVE-2020-36703 entry concerns the Elementor Website Builder WordPress plugin. It documents a Stored Cross-Site Scripting (XSS) flaw in SVG image uploads for versions up to and including 2.9.7. The underlying issue allows authenticated attackers with the upload_files capability to inject arbit...

6.4CVSS5AI score0.0048EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2023/06/07 1:51 a.m.12 views

CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

6.4CVSS6.3AI score0.0048EPSS
Exploits1References2
cvelist
cvelist
added 2023/06/07 1:51 a.m.22 views

CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

6.4CVSS5.7AI score0.0048EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/06/07 12:0 a.m.6 views

PT-2023-11845 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to and including 2.9.7 Description: The issue allows authenticated attackers with the upload files capability to inject arbitrary web scripts in pages via SVG image uploads. This...

6.4CVSS5.4AI score0.0048EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.6 views

WordPress Plugin Elementor Website Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL.WordPress plugin is an...

6.4CVSS5.4AI score0.0048EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/04/14 12:0 a.m.6 views

PT-2023-17430 · Froxlor · Froxlor

Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.14 Description: The issue concerns the unrestricted upload of files with dangerous types in the GitHub repository froxlor/froxlor. Specifically, image files uploaded were not properly validated, which could resul...

9.1CVSS9.4AI score0.73247EPSS
Exploits1References7
osv
osv
added 2023/04/14 12:0 a.m.11 views

CVE-2023-29850

SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...

7.5CVSS6.7AI score0.00747EPSS
Exploits1References3
cnnvd
cnnvd
added 2023/04/05 12:0 a.m.8 views

Ulearn 代码问题漏洞

UTeM Ulearn is a learning management system organized by UTeM Malaysia. Ulearn suffers from a security vulnerability that stems from the program's failure to verify that an uploaded image is indeed an image. An attacker exploiting this vulnerability could remotely execute code on the server via t...

7.2CVSS7.3AI score0.01018EPSS
Exploits0References2
cvelist
cvelist
added 2023/04/03 4:41 p.m.43 views

CVE-2023-28837 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...

4.9CVSS5.4AI score0.0107EPSS
Exploits0References8
cnnvd
cnnvd
added 2023/04/03 12:0 a.m.8 views

Wagtail 跨站脚本漏洞

Torchbox Wagtail is an open source content management system CMS from the UK-based Torchbox. A cross-site scripting vulnerability exists in Wagtail versions 1.5 through 4.1.4, 4.2, and 4.2.1, which stems from a memory exhaustion issue in Wagtail's handling of uploaded images and documents,...

4.9CVSS4.9AI score0.0107EPSS
Exploits0References9
cnnvd
cnnvd
added 2023/03/10 12:0 a.m.4 views

WordPress plugin OoohBoi Steroids for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.5AI score0.00573EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 5:27 a.m.4 views

SUSE CVE-2014-5356

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

4CVSS6.7AI score0.02127EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 5:24 a.m.5 views

SUSE CVE-2014-9684

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...

4CVSS6.6AI score0.01981EPSS
Exploits1References3
Rows per page
Query Builder