CVE-2023-35783
The kesearch aka Faceted Search extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data...
PT-2021-14354 · Onedev · Onedev
Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 4.0.3
Description: The issue is related to a pre-auth server-side template injection via Bean validation message tampering in OneDev, an all-in-one devops platform. This was fixed in version 4.0.3 by disabling...
Zulip Desktop Cross-Site Scripting Vulnerability
Zulip Desktop is a desktop version of the team chat application from Zulip USA. A cross-site scripting vulnerability exists in Zulip Desktop versions prior to 4.0.3, which stems from the program validating user input incorrectly. A remote attacker could exploit the vulnerability to execute script...
Nibbleblog Arbitrary File Upload Vulnerability
NibbleBlog is a set of blogging engines. An arbitrary file upload vulnerability exists in the My Image plugin for Nibbleblog versions prior to 4.0.3. A remote attacker can exploit this vulnerability by uploading an executable file and sending a direct request to access the file to execute arbitra...