CVE-2021-24162

In the Reponsive Menu free and Pro WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in...

Multiple WebToffee Plugins - Cross-Site Request Forgery (CSRF) Issue

From https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/ at the bottom "Several additional WooCommerce-centric import/export plugins from WebToffee used the same import functionality. However, they were unable to be activated unless WooCommerce was...

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

BMC Smart Reporting 7.3 20180418 XML Injection

4 43 7.3 20180418 2019-01-18 10:14 UTC +0000 66717 sour...

Microsoft Excel 2016 1901 - XML External Entity Injection

Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

CVE-2019-8122

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution...

CVE-2019-16987

In FusionPBX up to v4.5.7, the file app\contacts\contactimport.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...

PRODSECBUG-2223: Remote code execution when using functionality that imports a new product

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

PRODSECBUG-2407: Remote code execution due to unsafe PHP archieve deserialization in the import functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

ImageCache Actions - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-056

The imagecache actions module defines a number of additional image effects that can be used to create image styles. The "Image styles admin" sub module provides additional functionality to duplicate, export and import image styles. The module uses unserialize to import image styles into another...

Bitbucket Data Center - Path traversal in the migration tool leads to RCE - CVE-2019-3397

h3. Issue Summary Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code executio...

Authentication flaw

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in SAP NetWeaver 7.3 - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying...

CVE-2017-13706

XML external entity XXE vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery SSRF attacks, conduct internal port...

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitation of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

CSRF in "bookmarks" application - ownCloud

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

Server: CSRF in "bookmarks" application

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

CVE-2014-3758

Cross-site scripting XSS vulnerability in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality...

Cross site scripting

Cross-site scripting XSS vulnerability in the BibTex Publications sibibtex extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality...

CVE-2014-3758

The CVE refers to a Cross-Site Scripting (XSS) vulnerability in the TYPO3 extension BibTex Publications (si_bibtex) version 0.2.3, exposed through the import functionality. The TYPO3 security bulletin TYPO3-EXT-SA-2014-020 documents affected versions (0.2.3 and below) and lists XSS (alongside SQL...