25 matches found
CVE-2026-34161
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
CVE-2026-28274
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...
CVE-2020-24983
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticate...
EUVD-2024-20404
Malicious code in bioql PyPI...
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
CVE-2019-17324
ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability ...
Dust: Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover
A stored cross-site scripting XSS vulnerability was discovered in the Dust platform's file upload functionality. An attacker could upload a malicious HTML file to a conversation. When another user, including an admin, visited the uploaded file, JavaScript was executed in their authenticated brows...
CVE-2024-8400
A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...
CVE-2024-8400
A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...
CVE-2024-8400
CVE-2024-8400 is a stored cross-site scripting vulnerability in gaizhenbiao/chuanhuchatgpt. The issue stems from lack of proper filtering/escaping when a user uploads an HTML file that contains JavaScript, which is then executed when the file is accessed. This enables arbitrary JavaScript executi...
CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt
A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...
CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt
A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...
LangChain < 0.1.0 SSRF
The version of LangChain installed on the remote host is prior to 0.1.0. It is, therefore, affected by a SSRF vulnerability. An attacker in control of the contents of 'https://example.com' could place a malicious HTML file in there with links like 'https://example.completely.different/myfile.html...
ComfyUI 跨站脚本漏洞
ComfyUI is one of the most powerful and modular diffusion model GUI and backend for comfyanonymous individual developers. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
Quadbase EspressReports ES 跨站请求伪造漏洞
Quadbase EspressReports ES is a software application from Quadbase, Inc. It provides special reporting and querying capabilities that allow users to create various queries and reports through a zero-client browser interface. A cross-site request forgery vulnerability exists in Quadbase...
CVE-2019-17324
ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability ...
Directory traversal
ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability ...
CVE-2019-17324
ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability ...
IBM Connections File Upload Vulnerability
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A file upload...