12 matches found

RedhatCVE
added 2025/05/28 1:46 p.m., 27 views

CVE-2025-40663

Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...

CVSS 5.1 | AI score 5.5 | EPSS 0.003
Exploits: 0 | References: 1

CVE
added 2025/05/26 12:55 p.m., 52 views

CVE-2025-40663

CVE-2025-40663 describes a Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos v23.02.01.17 (i2A). An authenticated attacker can upload a malicious SVG image into a user’s personal space at /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments, leading to script execution withi...

CVSS 5.1 | AI score 5.2 | EPSS 0.003
Exploits: 0 | References: 1

Github Security Blog
added 2025/02/21 10:15 p.m., 12 views

Leantime allows Reflected Cross-Site Scripting (XSS)

Summary The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation...

AI score 6.3
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/09/26 12:00 a.m., 3 views

Clibo Manager Cross-Site Scripting Vulnerability

Clibo Manager is a management platform from Clibo Manager, Inc. providing sports clubs with the ability to manage subscriptions and ticket sales, as well as direct contact with subscribers, events, sales statistics, and more. A cross-site scripting vulnerability exists in Clibo Manager version...

CVSS 7.6 | AI score 6 | EPSS 0.00242
Exploits: 0 | References: 2

CNNVD
added 2024/07/02 12:00 a.m., 5 views

OpenStack Security Vulnerabilities

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). A security vulnerability exists in OpenStack, which stems from an input validation flaw that could allow an attacker to deliver a malicious image by uploading or creating and modifying an...

CVSS 6.5 | AI score 7.2 | EPSS 0.00835
Exploits: 0 | References: 4

CNNVD
added 2022/06/22 12:00 a.m., 3 views

Multiple Cisco Products Data Forgery Vulnerability

Cisco Adaptive Security Appliances Software (ASA Software) and Cisco Adaptive Security Device Manager are both products of Cisco, Inc. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides highly secure access to data and network resources, et...

CVSS 9.1 | AI score 7.8 | EPSS 0.03206
Exploits: 1 | References: 7

OSV
added 2020/09/24 4:15 p.m., 3 views

CVE-2020-12837

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used...

CVSS 7.5 | AI score 7.1 | EPSS 0.00931
Exploits: 1 | References: 2

CVE
added 2019/01/15 9:00 p.m., 69 views

CVE-2019-0017

The CVE-2019-0017 issue affects Juniper Networks Junos Space: the application allows uploading Device Image files but lacks proper validation, enabling potential uploading of malicious images or scripts. Affected releases are Junos Space before 18.3R1. The description notes an insufficient validi...

CVSS 8.8 | AI score 7.2 | EPSS 0.01101
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2017/08/24 12:00 a.m., 2 views

ImageMagick Remote Code Execution Vulnerability (CNVD-2017-25059)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A remote code execution vulnerability exists in the 'ReadOneMNGImage' function in the coders/png.c file in versions of...

CVSS 9.8 | AI score 7.3 | EPSS 0.03823
Exploits: 0 | References: 1

CNVD
added 2016/05/05 12:00 a.m., 5 views

ImageMagick Remote Code Execution Vulnerability

ImageMagick is an open source software for creating, editing, and composing images. It can read, convert, and write images in many formats, adheres to the GPL license agreement, and runs on most operating systems. A remote code execution vulnerability exists in ImageMagick. An attacker can exploi...

CVSS 10 | AI score 9.4 | EPSS 0.97485
Exploits: 11 | References: 1

Tenable Nessus
added 2006/05/13 12:00 a.m., 13 views

FreeBSD : drupal -- multiple vulnerabilities (faca0843-6281-11da-8630-00123ffe8333)

Secunia reports: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1) An input validation error in the filtering of HTML code can be exploited to...

AI score 6
Exploits: 0 | References: 4

exploitpack
added 2003/04/07 12:00 a.m., 22 views

Coppermine Photo Gallery 1.0 - PHP Code Injection

Coppermine Photo Gallery 1.0 - PHP Code Injection source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo...

AI score 0.2
Exploits: 0