12 matches found
CVE-2025-40663
Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...
CVE-2025-40663
CVE-2025-40663 describes a Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos v23.02.01.17 (i2A). An authenticated attacker can upload a malicious SVG image into a user’s personal space at /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments, leading to script execution withi...
Leantime allows Refelected Cross-Site Scripting (XSS)
Summary The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation...
Clibo Manager 跨站脚本漏洞
Clibo Manager is a management platform from Clibo Manager, Inc. providing sports clubs with the ability to manage subscriptions and ticket sales, as well as direct contact with subscribers, events, sales statistics, and more. A cross-site scripting vulnerability exists in Clibo Manager version...
OpenStack Security Vulnerabilities
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack, which stems from an input validation flaw that could allow an attacker to deliver a malicious image by uploading or creating and modifying an...
多款Cisco产品数据伪造问题漏洞
Cisco Adaptive Security Appliances Software ASA Software and Cisco Adaptive Security Device Manager are both products of Cisco, Inc.Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides highly secure access to data and network resources, et...
CVE-2020-12837
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used...
CVE-2019-0017
The CVE-2019-0017 issue affects Juniper Networks Junos Space: the application allows uploading Device Image files but lacks proper validation, enabling potential uploading of malicious images or scripts. Affected releases are Junos Space before 18.3R1. The description notes an insufficient validi...
ImageMagick Remote Code Execution Vulnerability (CNVD-2017-25059)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A remote code execution vulnerability exists in the 'ReadOneMNGImage' function in the coders/png.c file in versions of...
ImageMagick Remote Code Execution Vulnerability
ImageMagick is an open source software for creating, editing, and composing images. It can read, convert, and write images in many formats, adheres to the GPL license agreement, and runs on most operating systems. A remote code execution vulnerability exists in ImageMagick. An attacker can exploi...
FreeBSD : drupal -- multiple vulnerabilities (faca0843-6281-11da-8630-00123ffe8333)
Secunia reports : Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1 An input validation error in the filtering of HTML code can be exploited to...
Coppermine Photo Gallery 1.0 - PHP Code Injection
Coppermine Photo Gallery 1.0 - PHP Code Injection source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo...