3 matches found
EUVD-2007-2367
Malware in sbrugna...
CVE-2022-46148 Discourse allows self-XSS through malicious composer message
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...
Design/Logic Flaw
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges member is able to upload this. It is possible to bypass the MIME type check and file-extension check...