11 matches found
EUVD-2022-3447
Malicious code in bioql PyPI...
GHSA-9V3W-M552-M6FF Pi Cross-site Scripting vulnerability
A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the pi-develop/www/script/editor/markitup/preview/markdown.php URL. An attacker could execute arbitrary HTML and script code in a browse...
Pi Cross-site Scripting vulnerability
A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the pi-develop/www/script/editor/markitup/preview/markdown.php URL. An attacker could execute arbitrary HTML and script code in a browse...
Pi Engine Cross-Site Scripting Vulnerability
PI Engine is an open-source CMS system that is more widely used within some Internet companies. A cross-site scripting vulnerability exists in PI Engine, which stems from the program failing to properly validate user-supplied input. When an unsuspecting user browses the affected site, an attacker...
CVE-2017-7251
A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a...
Cross site scripting
A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a...
CVE-2017-7251
A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a...
CVE-2017-7251
Pi Engine vulnerability CVE-2017-7251 affects pi-engine/pi 2.5.0. The issue arises from insufficient filtration of user-supplied data in the preview path (pi-develop/www/script/editor/markitup/preview/markdown.php), allowing an attacker to execute arbitrary HTML and script code in a victim browse...
CVE-2017-7251
A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a...
PI Engine Arbitrary File Download Vulnerability
PI Engine is an open-source CMS system that is more widely used within some Internet companies. The /download.php page of PI Engine is used to provide the file download function, but the function does not impose any restriction on file types, and there are flaws in the checking of paths, so an...
PI Engine Arbitrary File Read Vulnerability
PI Engine is an open source CMS system. The /browser.php page of PI Engine is used to provide file browsing functionality, which has flaws in checking file types and also does not correctly restrict file paths, allowing attackers to construct paths to access files in any directory...