CVE-2026-6619
A vulnerability has been found in langgenius dify up to 1.13.3. The function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview is affected. Manipulation of the argument filename leads to cross site scripting. The attack may be...
Missing Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the assets/preview-file. An attacker can access unauthorized preview metadata by sending crafted requests with a controlled assetId parameter, allowing retrieval of...
GHSA-44PX-QJJC-XRHQ Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata
Summary An authenticated low-privileged user can call assets/preview-file for an asset they are not authorized to view and still receive preview response data (previewHtml) for that private asset. The returned preview HTML included a private preview image route containing the target private assetId...
EUVD-2021-34752
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...
Nextcloud Server IDOR Vulnerability (GHSA-h6j9-6xjq-44c4)
Nextcloud Server is prone to an Insecure Direct Object Reference (IDOR) vulnerability...
EUVD-2025-202875 / CVE-2025-14537 code-projects Class and Exam Timetable Management preview7.php sql injection
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...
CVE-2025-10827
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
CVE-2025-10827
The CVE-2025-10827 entry concerns PHPJabbers Restaurant Menu Maker (versions up to 1.1). Affected functionality in the file /preview.php is vulnerable: manipulation of the theme parameter enables cross-site scripting. The issue can be exploited remotely and public exploit details are available. C...
PHPJABBERS Restaurant Menu Maker Project Code Injection Vulnerability
PHPJABBERS Restaurant Menu Maker Project is a PHPJABBERS open source menu maker project. A code injection vulnerability exists in PHPJABBERS Restaurant Menu Maker Project 1.1 and earlier versions, which stems from incorrect manipulation of the parameter theme in the file /preview.php, and could...
PHPJabbers Appointment Scheduler Cross-Site Scripting Vulnerability
PHPJabbers Appointment Scheduler is a PHP-based appointment scheduler plugin for planning time and booking meeting schedules from PHPJabbers Serbia. A security vulnerability exists in PHPJabbers Appointment Scheduler version v3.0, which originates from a cross-site scripting (XSS) vulnerability in...
CVE-2023-40755
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...
PT-2023-27620 · Phpjabbers · Phpjabbers Callback Widget
Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0 Description: There is a Cross Site Scripting (XSS) vulnerability in the theme parameter of the "preview.php" file. This issue allows for malicious script execution. Recommendations: For PHPJabbers Callback...
CVE-2023-36137
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...
CVE-2023-33560
There is a Cross Site Scripting (XSS) vulnerability in the "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3...
CVE-2023-3554
A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. The manipulation of the argument catid/topicid/topic/topicmessage/freename leads to cross site scripting. The attack may be...
PT-2023-25227 · Unknown · Gz Scripts Property Listing Script
Name of the Vulnerable Software and Affected Versions: GZ Scripts Property Listing Script version 1.0 Description: A problematic issue affects the processing of the file /preview.php, where the manipulation of the page/layout/sort by argument leads to cross-site scripting. The attack can be...