216 matches found
Zope vulnerable to Stored Cross Site Scripting with SVG images
Impact There is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user...
FreeBSD : py-wagtail -- DoS vulnerability (2def7c4b-736f-4754-9f03-236fcb586d91)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2def7c4b-736f-4754-9f03-236fcb586d91 advisory. - Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2....
WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Drag and Drop & Multiple Image Uploads With Preview For WPForms Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
CVE-2023-1169 OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...
CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...
Cross site scripting
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...
CVE-2020-36703
The CVE-2020-36703 entry concerns the Elementor Website Builder WordPress plugin. It documents a Stored Cross-Site Scripting (XSS) flaw in SVG image uploads for versions up to and including 2.9.7. The underlying issue allows authenticated attackers with the upload_files capability to inject arbit...
CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...
CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...
PT-2023-11845 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to and including 2.9.7 Description: The issue allows authenticated attackers with the upload files capability to inject arbitrary web scripts in pages via SVG image uploads. This...
WordPress Plugin Elementor Website Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL.WordPress plugin is an...
PT-2023-17430 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.14 Description: The issue concerns the unrestricted upload of files with dangerous types in the GitHub repository froxlor/froxlor. Specifically, image files uploaded were not properly validated, which could resul...
CVE-2023-29850
SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...
Ulearn 代码问题漏洞
UTeM Ulearn is a learning management system organized by UTeM Malaysia. Ulearn suffers from a security vulnerability that stems from the program's failure to verify that an uploaded image is indeed an image. An attacker exploiting this vulnerability could remotely execute code on the server via t...
CVE-2023-28837 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...
Wagtail 跨站脚本漏洞
Torchbox Wagtail is an open source content management system CMS from the UK-based Torchbox. A cross-site scripting vulnerability exists in Wagtail versions 1.5 through 4.1.4, 4.2, and 4.2.1, which stems from a memory exhaustion issue in Wagtail's handling of uploaded images and documents,...
WordPress plugin OoohBoi Steroids for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
SUSE CVE-2014-5356
OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...
SUSE CVE-2014-9684
OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...