9 matches found
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
Cross site scripting
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
CVE-2023-51252
PublicCMS 4.0 is affected by an XSS vulnerability in the Online Preview component. The issue arises from inadequate protection of the web page structure when uploaded files (PDF/HTML) are viewed online, enabling an XSS popup. Root cause: lack of proper input handling in the Online Preview feature...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
Keking kkFileView ไปฃ็ ้ฎ้ขๆผๆด
Keking kkFileView is a Spring-Boot project for online previewing of documents from Keking Technology Keking. A security vulnerability exists in Keking kkFileView version 4.0, which originates from a cross-site request forgery that can be realized by an attacker through its...
Discuz plug-in arbitrary File Download vulnerability-vulnerability warning-the black bar safety net
A txt,word Online Preview of the plug-in,Plug-In address: http://www.discuz.net/forum.php?mod=viewthread&tid=3 1 6 9 5 5 6 AppleScript $doc=$GET'doc'; $doc="../../../".$ doc; $filename=$GET'filename'; $ext=$GET'ext'; //set file type if$ext=='doc' $ext="application/msword"; if$ext=='xls'...