CVE-2026-41936
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...
CVE-2025-11944
A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...
CVE-2025-11944
Givanz Vvveb up to 1.0.7.3 is affected by a SQL injection in the Raw SQL Handler’s Import function (admin/controller/tools/import.php). The vulnerability arises from input handling in that function, potentially allowing remote exploitation once triggered. Publicly disclosed exploits exist, and a ...
EUVD-2019-6195
Malware in sbrugna...
CVE-2019-15127
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file...
CVE-2025-47486 WordPress Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9...
CVE-2022-0252 Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting...
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
The plugin does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting. var form1 = document.getElementById('hack'); form1.submit();...
Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool
The plugin does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting PoC...
WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability via Import Tool discovered by JrXnm in WordPress GiveWP plugin versions <= 2.17.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3)...
Cross site scripting
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file...
CVE-2019-15127
CVE-2019-15127 affects REDCap prior to 9.3.0. The issue is an XSS vulnerability on the Data Import Tool page, exploitable by a CSV data import file and affecting non-administrator accounts. The description in public records does not specify the underlying root cause or CVE exploit vectors beyond ...
CVE-2019-1629
A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...
Eramba Cross-Site Scripting Vulnerability (CNVD-2018-06086)
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. A cross-site scripting vulnerability exists in the error page of the CSV file inclusion tab of /importTool/preview URI in Eramba e...