15 matches found
CVE-2026-4847
The CVE-2026-4847 entry concerns dameng100 muucmf 1.9.5.20260309. A cross-site scripting flaw exists in an unknown function of /admin/config/list.html caused by manipulating the Name argument. The attack is remote and the exploit has been made public. No remediation details are provided in the do...
CVE-2026-4847 dameng100 muucmf list.html cross site scripting
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...
MuuCmf Code Injection Vulnerability
MuuCmf is an open-source application development framework created by Dameng100. Version MuuCmf 1.9.5.20260309 contains a code injection vulnerability. This vulnerability stems from incorrect handling of parameters named “Name” in the file “admin/config/list.html”, which may lead to cross-site...
PT-2026-28220
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...
Salvo is vulnerable to reflected XSS in the list_html function
Summary: The function list_html generates a file view of a folder which includes a render of the current path, which is inserted in the HTML without proper sanitization, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...
GHSA-54M3-5FXR-2F3J Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names
Summary: The function list_html generates a file view of a folder without sanitizing the file or folder names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file. Details: The vulnerable snippet of code is the...
EUVD-2026-1422
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder which includes a render of the current path, which is inserted in the HTML without proper sanitization. This leads to reflected XSS using the fact that the request path is decoded...
CVE-2026-22256
CVE-2026-22256 (Salvo): A reflected XSS vulnerability exists in Salvo before version 0.88.1, arising from the list_html function in the directory listing view. The code inserts the rendered current.path into an HTML title (and page content) without proper sanitization, while the request path is ...
salvo Cross-Site Scripting Vulnerability
salvo is a web framework from Salvo open source. A cross-site scripting vulnerability exists in versions prior to salvo 0.88.1, which stems from the list_html function not cleaning up the names of files and folders, which could lead to cross-site scripting attacks...
PT-2026-2186
Name of the Vulnerable Software and Affected Versions: Salvo versions prior to 0.88.1. Description: Salvo is a Rust web backend framework. Prior to version 0.88.1, the list_html function generates a file view of a folder, including a render of the current path. This path is inserted into the HTML...
CVE-2010-20113
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the...
PT-2024-25371 · Sharp +1 · Multiple Mfps
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to improper processing of some parameters of installed emanual list.html, which leads to a path traversal vulnerability. No...
CVE-2018-1002005
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bftlist.html.php:43: via the filtersignupdate parameter...
WordPress Arigato Autoresponder and Newsletter Cross-Site Scripting Vulnerability (CNVD-2019-29710)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Arigato Autoresponder and Newsletter is an autoresponder plugin used in... A cross-site scripting vulnerability exists in the...