5968 matches found
CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser XSS via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices...
CVE-2025-46338
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...
PT-2025-18389 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types, potentially leading to arbitrary JavaScript execution in a victim's browser, resulting in a cross-site scripting X...
CVE-2022-42449
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2022-27562
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2022-27562
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2022-42449 HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2022-42449
CVE-2022-42449 affects HCL Domino Volt. The root cause is an unsafe default file-type filtering policy that allows uploading .html files, enabling execution of unsafe JavaScript in deployed applications. Documents consistently describe the issue but do not provide a confirmed patch version or rem...
CVE-2022-27562 HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2022-27562
CVE-2022-27562 is reported across multiple sources as a vulnerability in HCL Domino Volt caused by an unsafe default file-type filtering policy. This policy allows uploading of .html files and the execution of unsafe JavaScript in deployed applications, without publicly documented a fix in the co...
CVE-2025-46558
XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting XSS through HTML. In particular, using Markdown syntax, it's possible for...
GHSA-8G2J-RHFH-HQ3R org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content
Impact The Markdown syntax is vulnerable to XSS through HTML. In particular, using Markdown syntax, it's possible for any user to embed Javascript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that th...
PT-2025-18331 · Hcl · Hcl Domino Volt
Name of the Vulnerable Software and Affected Versions: HCL Domino Volt affected versions not specified Description: The issue concerns an unsafe default file type filter policy that allows the upload of .html files, leading to the execution of unsafe JavaScript in deployed applications. This coul...
CVE-2025-40616
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40615
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
CVE-2025-40616 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40616
Bookgy’s CVE-2025-40616 is a reflected XSS in the IDRESERVA parameter of /bkg_imprimir_comprobante.php. The vulnerability arises from unsanitized input reflected in the response, allowing an attacker to execute JavaScript in the victim’s browser. Connected sources confirm the issue but do not spe...
CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
YesWiki Stored XSS Vulnerability in Comments
Summary A stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the...