11 matches found
CVE-2026-33653
Ulloady is a file uploader script with multi-file upload support. A Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 3.1.2 due to improper sanitization of filenames during the file upload process. An attacker can upload a file with a malicious filename containing JavaScri...
CVE-2025-12848
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...
Cross-site Scripting (XSS)
Overview jquery-multifile is a jQuery Multiple File Selection Plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file name processing. An attacker can execute arbitrary scripts in the context of a victim's browser by providing a file with a specially craft...
CVE-2025-12848
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...
CVE-2025-12848
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...
CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...
EUVD-2025-199686
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...
CVE-2025-12848
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...
PT-2025-48120
Name of the Vulnerable Software and Affected Versions Drupal Webform Multiple File Upload module versions 7.x affected versions not specified Description The Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS issue in the file name renderer. An unauthenticated...
CVE-2025-53557
A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
moinmoin -- XSS vulnerabilities
Thomas Waldmann reports: fix XSS in AttachFile view multifile related CVE-2016-7148 fix XSS in GUI editor's attachment dialogue CVE-2016-7146 fix XSS in GUI editor's link dialogue CVE-2016-9119...