Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.9 views

CVE-2022-33009

A stored cross-site scripting XSS vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...

4.8CVSS5.6AI score0.00648EPSS
Exploits1References1
NVD
NVD
added 2025/03/10 6:15 p.m.7 views

CVE-2024-55199

A Stored Cross Site Scripting XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser...

5.4CVSS0.00284EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/10 12:0 a.m.10 views

CVE-2024-55199

A Stored Cross Site Scripting XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser...

0.00284EPSS
Exploits1References2
CVE
CVE
added 2025/03/10 12:0 a.m.45 views

CVE-2024-55199

CVE-2024-55199 describes a Stored XSS in Celk Sistemas Celk Saude v3.1.252.1. The vulnerability allows an attacker to embed JavaScript inside a PDF uploaded via the file-upload feature; when the PDF is rendered, the script executes in the user’s browser. Affected product/version: Celk Saude v3.1....

5.4CVSS6AI score0.00284EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2024/10/23 4:53 p.m.8 views

XSS by uploading pdf file

This report is not public...

5.4CVSS7.1AI score0.00359EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.5 views

PT-2024-31856 · Zenario · Zenario

Name of the Vulnerable Software and Affected Versions: Zenario version 9.7.61188 Description: The issue allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting XSS...

4.8CVSS4.9AI score0.00334EPSS
Exploits1References10
OSV
OSV
added 2024/06/05 2:15 p.m.37 views

GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

3.6CVSS8.4AI score
Exploits0References3
CVE
CVE
added 2024/05/15 7:26 p.m.54 views

CVE-2024-34909

KYKMS is affected by an arbitrary file upload vulnerability (KYKMS v1.0.1 and below) that enables an attacker to execute arbitrary code by uploading a crafted PDF. Root cause: improper handling of uploaded files leading to code execution. Public disclosures across multiple sources confirm the vul...

9.8CVSS7.7AI score0.00455EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/04/03 10:15 p.m.9 views

CVE-2024-27705

Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint...

7.6CVSS7.3AI score0.00556EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/03 12:0 a.m.17 views

CVE-2024-27705

Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint...

7.2AI score0.00556EPSS
Exploits1References1
Prion
Prion
added 2022/08/03 1:15 a.m.18 views

Privilege escalation

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file...

4.9CVSS6.1AI score0.00458EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/02/21 12:0 a.m.171 views

MediaWiki thumb.php 'w' Parameter Remote Shell Command Injection

The version of MediaWiki running on the remote host is affected by a remote command injection vulnerability due to a failure to properly sanitize user-supplied input to the 'w' parameter in the 'thumb.php' script. A remote, unauthenticated attacker can exploit this issue to execute arbitrary...

6CVSS9.1AI score0.42777EPSS
Exploits12References7
Rows per page
Query Builder