7 matches found
CVE-2026-33738 Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint)
Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using {!! $item->summary !!} Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...
CVE-2020-18741
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."...
ThinkSAAS Security Vulnerability
ThinkSAAS is an open source community development system based on PHP and MySQL. ThinkSAAS version 2.7 suffers from an authorization issue vulnerability, which can be exploited by remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and...
Synology Photo Station Cross-Site Scripting Vulnerability
Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology, a Chinese company. A cross-site scripting vulnerability exists in Synology Photo Station. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via...
ClipBucket cross-site scripting vulnerability (CNVD-2017-05017)
ClipBucket is an open source video sharing software. The software allows you to share videos to video sites and supports the light off effect when watching a movie. A cross-site scripting vulnerability exists in ClipBucket version 2.7.0.5. A remote attacker can exploit this vulnerability by...