35 matches found
Fiora 跨站脚本漏洞
Fiora - is a chat application by yinxin630 individual developer. A cross-site scripting vulnerability exists in Fiora version 1.0.0, which originates from the execution of arbitrary JavaScript while rendering a malicious SVG file, and could lead to a cross-site scripting attack...
CVE-2025-59415
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...
CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...
The vulnerability of the Ghost content management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Ghost content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by sending a specially created malicious SVG file containing JavaScript code to port...
CVE-2024-24943
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...
CVE-2023-7089
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
DEBIAN-CVE-2023-1289
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...
CVE-2022-28270
Adobe Photoshop versions 22.5.6 and earlier and 23.2.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG...
CVE-2021-44118
SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users stored XSS...
UBUNTU-CVE-2021-44118
SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users stored XSS...
CVE-2021-39823
Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...
CVE-2020-9388
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...
CVE-2017-2587
A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash...
Alkacon OpenCMS gallery feature cross-site scripting vulnerability
Alkacon OpenCms is the German Alkacon Software's set of open source Java and XML-based content management system CMS. The system supports template engine , WYSIWYG editor and so on. A cross-site scripting vulnerability exists in the gallery feature in Alkacon OpenCMS version 10.5.3. A remote...
PT-2017-16654 · Apache +2 · Apache Batik +2
Name of the Vulnerable Software and Affected Versions: Apache Batik versions prior to 1.9 Description: The issue allows arbitrary users to reveal files on the server's filesystem by sending maliciously formed SVG files. The types of files that can be accessed depend on the user context in which t...