7 matches found

Source: Vulnrichment (added 2026/03/26 8:25 p.m., 1 view)

CVE-2026-33738 Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint)

Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using the unescaped Blade output `{!! $item->summary !!}` in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...

CVSS 4.8 | AI score 6 | EPSS 0.00214
Exploits: 1 | References: 4
Source: Cvelist (added 2026/03/26 8:25 p.m., 23 views)

CVE-2026-33738 Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint)

Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using the unescaped Blade output `{!! $item->summary !!}` in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...

CVSS 4.8 | EPSS 0.00214
Exploits: 1 | References: 4
Source: NVD (added 2021/07/08 5:15 p.m., 12 views)

CVE-2020-18741

Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."...

CVSS 5.3 | EPSS 0.0094
Exploits: 1 | References: 1
Source: OSV (added 2021/07/08 5:15 p.m., 4 views)

CVE-2020-18741

Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."...

CVSS 5.3 | AI score 5.8 | EPSS 0.0094
Exploits: 1 | References: 1
Source: CNNVD (added 2021/07/08 12:00 a.m., 5 views)

ThinkSAAS security vulnerability

ThinkSAAS is an open source community development system based on PHP and MySQL. ThinkSAAS version 2.7 suffers from an authorization issue vulnerability, which can be exploited by remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and...

CVSS 5.3 | AI score 5.7 | EPSS 0.0094
Exploits: 1 | References: 2
Source: CNVD (added 2017/07/04 12:00 a.m., 1 view)

Synology Photo Station Cross-Site Scripting Vulnerability

Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology, a Chinese company. A cross-site scripting vulnerability exists in Synology Photo Station. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via...

CVSS 5.4 | AI score 6 | EPSS 0.00886
Exploits: 0 | References: 1
Source: CNVD (added 2017/04/18 12:00 a.m., 1 view)

ClipBucket cross-site scripting vulnerability (CNVD-2017-05017)

ClipBucket is an open source video sharing software. The software allows you to share videos to video sites and supports the light-off effect when watching a movie. A cross-site scripting vulnerability exists in ClipBucket version 2.7.0.5. A remote attacker can exploit this vulnerability by...

CVSS 5.4 | AI score 6 | EPSS 0.00802
Exploits: 0 | References: 1