20 matches found

RedhatCVE
added 2026/06/11 2:59 a.m. | 7 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

CVSS 6.5 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 1
EUVD
added 2026/06/10 6:31 p.m. | 7 views

EUVD-2026-36068

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

CVSS 6.5 | AI score 5.4 | EPSS 0.00327
Exploits: 0 | References: 5
Snyk
added 2026/06/10 6:20 p.m. | 6 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Personal space feature that is selected when no componentId is set. An attacker can read files outside the intended directory by omitting componentId while selecting 'Personal space'. Details: A Directory...

CVSS 8.7 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 2
Snyk
added 2026/06/10 6:20 p.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Personal space feature that is selected when no componentId is set. An attacker can read files outside the intended directory by omitting componentId while selecting 'Personal space'. Details: A Directory...

CVSS 8.7 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 2
NVD
added 2026/06/10 4:17 p.m. | 6 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

CVSS 6.5 | EPSS 0.00327
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/10 12:00 a.m. | 10 views

PT-2026-48472

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

CVSS 6.5 | AI score 5.4 | EPSS 0.00327
Exploits: 0 | References: 5
CVE
added 2026/06/10 12:00 a.m. | 15 views

CVE-2026-53698

CVE-2026-53698 affects Silverpeas up to version 6.4.6, where the Personal space feature is mishandled when no componentId is set. The issue is described as a misbehavior in handling Personal space, with a CVSS v3.1 base score of 6.5 (Network attack vector, Low attack complexity, Privileges Requir...

CVSS 6.5 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 4
Cvelist
added 2026/06/10 12:00 a.m. | 24 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

CVSS 6.5 | EPSS 0.00327
Exploits: 0 | References: 4
Vulnrichment
added 2026/06/10 12:00 a.m. | 5 views

CVE-2026-53698

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...

CVSS 6.5 | AI score 5.4 | EPSS 0.00327
Exploits: 0 | References: 4
CNNVD
added 2026/06/10 12:00 a.m. | 12 views

Silverpeas security vulnerability

Silverpeas is an open-source business collaboration platform developed by Silverpeas. This platform includes applications such as project management, blogs, forums, and document management. Versions of Silverpeas prior to 6.4.6 contained security vulnerabilities, which were caused by improper...

CVSS 6.5 | AI score 5.3 | EPSS 0.00327
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/28 1:46 p.m. | 25 views

CVE-2025-40663

Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...

CVSS 5.1 | AI score 5.5 | EPSS 0.003
Exploits: 0 | References: 1
NVD
added 2025/05/26 1:15 p.m. | 7 views

CVE-2025-40663

Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...

CVSS 5.1 | EPSS 0.003
Exploits: 0 | References: 1
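seebug.org
added 2013/09/13 12:00 a.m. | 45 views

Discuz X3.0 stored XSS (should work across all versions)

Brief description: Filtering is not strict. Details: In DZ3's blog feature, capturing and modifying the request with Tamper Data allows malicious XSS code to be inserted. The working payload is as follows: I also tested it on a forum called 习科; they appear to be on dz2.5, and it succeeded there too. Publish a blog entry in the personal space; the exploitation method is the same as above. Proof of vulnerability: The first screenshot is the latest version of dz3 (I downloaded the GBK version): The second is 习科's...

AI score 7.1
Exploits: 0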
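seebug.org
added 2013/07/01 12:00 a.m. | 13 views

Discuz! X3 latest stored XSS

Brief description: Discuz! X3 latest stored XSS. Details: Discuz! X3 personal space -- under "decorate space", start customizing; in the text color field, construct the statement exp//ressi//on:alertdocument.cookie. Triggers under IE; browsers tested so far: IE 6, 7. Proof of vulnerability:...

AI score 7.1
Exploits: 0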
Atlassian
added 2013/04/26 6:49 a.m. | 17 views

Path traversal in HtmlExporter.java and FileXmlExporter.java

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java|https://stash.atlassian.com/projects/CONF/repos/confluence/browse/confluence-core/confluence/src/java/com/atlassian/confluence/importexport/impl/AbstractExporterImpl.java9...

AI score 2.7
Exploits: 0 | Affected Software: 1
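seebug.org
added 2012/05/23 12:00 a.m. | 15 views

DiscuzX2 personal space image EXIF information XSS

Brief description: DiscuzX2 personal space image EXIF information XSS. Details: Insert illegal EXIF information into an image. You know the rest; an XSS vulnerability results... It is of limited use, though, because the EXIF information is only read under specific conditions. Proof of vulnerability: Insert illegal EXIF information into an image. You know the rest. img src="https://images.seebug.org/upload/201205/23215725fa5b5ae0b26fed9a7445b563cda46eb5.png" alt="" width="600" onerror="javascript:errimgthis;...

AI score 7.1
Exploits: 0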
Atlassian
added 2010/09/23 1:06 a.m. | 24 views

XSS vulnerability in space key, particularly with decorators off

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-20865). As discovered while looking at CONF-20667, Confluence stores the space key unencoded in a content tag. Considerable...

AI score 0.3
Exploits: 0 | Affected Software: 1
myhack58
added 2010/03/04 12:00 a.m. | 21 views

Flying Forum personal space XSS vulnerability-vulnerability warning-the black bar safety net

Article author: knowledge seekers. Version: ftbbs v7.1 static installation version (seems to be the latest). Vulnerable page: usercenter.asp. The vulnerability occurs because the blogmid filter is not strict, which leads to: blogmid=Checkstrrequest. form"blogmid" if blogmid"" then sql="update "&ft&"clubuser set...

AI score 2.2
Exploits: 0
Atlassian
added 2009/09/24 7:28 a.m. | 20 views

XSS in header for Personal Spaces

Create a user with username "alert'hahahaha'. User creates a personal space. Try to add a page to the personal space. This is caused by code code However, since the personal space doesn't work too well with usernames with crazy letters, I don't think it's a Blocker...

AI score 2.7
Exploits: 0 | Affected Software: 1
Atlassian
added 2009/09/24 7:28 a.m. | 19 views

XSS in header for Personal Spaces

Create a user with username "alert'hahahaha'. User creates a personal space. Try to add a page to the personal space. This is caused by code code However, since the personal space doesn't work too well with usernames with crazy letters, I don't think it's a Blocker...

AI score 2.7
Exploits: 0 | Affected Software: 1