3 matches found
Cross-site Scripting (XSS)
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the file upload extension check in FilesRouter in src/FilesRouter and FilesController. An...
Kentico Xperience 跨站脚本漏洞
Kentico Xperience is a digital experience platform from Kentico, Inc. A security vulnerability exists in Kentico Xperience versions prior to 13.0.178 that stems from allowing the upload of .zip files could result in the creation of files with other extensions...
PYSEC-2025-19
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...