27 matches found
CVE-2025-12626 jeecgboot jeewx-boot WxActGoldeneggsPrizesController.java getImgUrl path traversal
A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the...
CVE-2025-12626
CVE-2025-12626 affects jeecgboot jeewx-boot prior to 641ab52c3e1845fec39996d7794c33fb40dad1dd, specifically the getImgUrl function in WxActGoldeneggsPrizesController.java. The vulnerability arises from path traversal via manipulation of the imgurl argument, enabling remote exploitation. Public ex...
Jeewx-Boot Security Vulnerability
Jeewx-Boot is an official JEECG open source microsoft housekeeping platform. A security vulnerability exists in Jeewx-Boot, which stems from the incorrect manipulation of the parameter imgurl in the file WxActGoldeneggsPrizesController.java, which could lead to a path traversal attack...
EUVD-2020-11793
Malware in sbrugna...
EUVD-2018-7996
Malware in sbrugna...
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...
CVE-2023-28666
The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...
PT-2023-21887 · WordPress · Inpost Gallery
Name of the Vulnerable Software and Affected Versions: InPost Gallery WordPress plugin versions prior to 2.2.2. Description: The issue is a reflected cross-site scripting vulnerability. It affects the imgurl parameter to the add inpost gallery slide item action and can only be triggered by an...
InPost Gallery <= 2.1.4.1 - Reflected XSS
The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged in admin open...
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...
Cross site scripting
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...
WUZHI CMS Cross-Site Scripting Vulnerability
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL from the WUZHI (five fingers) company. A security vulnerability exists in WUZHI CMS version v4.1.0. A remote attacker can exploit this vulnerability to execute arbitrary web script or HTML via the imgurl parameter...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter...
CVE-2021-42970
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter...
CVE-2021-34129
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter...
Directory traversal
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter...
CXUUCMS Cross-Site Scripting Vulnerability (CNVD-2020-75073)
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. CXUUCMS 3.1 suffers from a reflective cross-site scripting vulnerability. Attackers can use the vulnerability to inject arbitrary Web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
Cross site scripting
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add...