10 matches found
Fireshare 安全漏洞
Fireshare is a media hosting software developed by Shane Israel individually. Version 1.5.1 of Fireshare contains a security vulnerability, which stems from authenticated path traversal in the multipart upload endpoint, potentially allowing arbitrary file writing...
CVE-2026-23499
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload arbitrary files. An attacker can execute arbitrary scripts in the context of another user's browser by uploading malicious HTML or SVG files that are then rendered from the same domain as the...
CVE-2023-49279
Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...
Stored XSS via SVG File Upload
Impact A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Workaround Implement the server side file validation...
Input validation
Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...
CVE-2023-49279 Umbraco CMS vulnerable to stored XSS via SVG File Upload
Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...
CVE-2023-49279 Umbraco CMS vulnerable to stored XSS via SVG File Upload
Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...
CVE-2023-49279
CVE-2023-49279 – Umbraco SVG backoffice upload issue : Umbraco CMS (ASP.NET) versions prior to patches allow a backoffice user to upload SVG files containing scripts. If another user loads the media in a browser, scripts can execute. Affected versions: 7.0.0 through just-before patches 7.15.11, 8...
Imageshack.us - User Authentication Bypass
Imageshack.us media hosting company. This is private exploit. You can buy it at https://0day.today...