CVE-2025-12626 jeecgboot jeewx-boot WxActGoldeneggsPrizesController.java getImgUrl path traversal

A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the...

CVE-2025-12626

CVE-2025-12626 affects jeecgboot jeewx-boot prior to 641ab52c3e1845fec39996d7794c33fb40dad1dd, specifically the getImgUrl function in WxActGoldeneggsPrizesController.java. The vulnerability arises from path traversal via manipulation of the imgurl argument, enabling remote exploitation. Public ex...

Jeewx-Boot 安全漏洞

Jeewx-Boot is an official JEECG open source open source microsoft housekeeping platform. A security vulnerability exists in Jeewx-Boot, which stems from the incorrect manipulation of the parameter imgurl in the file WxActGoldeneggsPrizesController.java, which could lead to a path traversal attack...

EUVD-2020-11793

Malware in sbrugna...

EUVD-2021-1690

Malware in sbrugna...

EUVD-2018-7996

Malware in sbrugna...

EUVD-2021-20792

Malware in sbrugna...

EUVD-2021-29925

Malicious code in bioql PyPI...

EUVD-2022-5228

Malicious code in bioql PyPI...

CVE-2022-29305

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...

CVE-2021-38713

imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header...

CVE-2020-19897

A reflected Cross Site Scripting XSS in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...

CVE-2023-28666

The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...

PT-2023-21887 · WordPress · Inpost Gallery

Name of the Vulnerable Software and Affected Versions: InPost Gallery WordPress plugin versions prior to 2.2.2 Description: The issue is a reflected cross-site scripting vulnerability. It affects the imgurl parameter to the add inpost gallery slide item action and can only be triggered by an...

InPost Gallery <= 2.1.4.1 - Reflected XSS

The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

InPost Gallery <= 2.1.4.1 - Reflected XSS

The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

CVE-2020-19897

A reflected Cross Site Scripting XSS in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...

CVE-2020-19897

A reflected Cross Site Scripting XSS in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...

Cross site scripting

A reflected Cross Site Scripting XSS in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...

CVE-2020-19897

A reflected Cross Site Scripting XSS in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...