7 matches found
CVE-2026-32753
FreeScout (PHP Laravel) vulnerability CVE-2026-32753 affects 1.8.208 and earlier. By bypassing the attachment view logic and SVG sanitizer, an attacker can upload an SVG masquerading as a safe image (e.g., xss.png with Content-Type image/svg+xml) and cause the server to render inline SVG containi...
Versa Director Authenticated Remote Code Execution (CVE-2024-39717)
The version of Versa Director installed on the remote host is affected by an authenticated remote code execution vulnerability: - The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with...
CVE-2021-26699
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...
Server side request forgery (ssrf)
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...
CVE-2021-26699
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...
XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044)
A missing file type check in Nextcloud Contacts 3.4.0 allowed a malicious user to upload SVG files as PNG files to perform XSS attacks...
Nextcloud: XSS through image upload of contacts using svg file with png extension
Hello again, this is a bypass 89487 basically use the same payload file but change the extension to PNG Impact XSS or Open redirect when viewing the image of a contact...