Lucene search
K

9 matches found

OSV
OSV
added 2024/12/23 5:13 p.m.6 views

CVE-2024-53276 GHSL-2024-092: Open CORS policy in home-gallery

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website ...

6.3CVSS6.3AI score0.0053EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2024/06/24 12:0 a.m.387 views

Edu-Sharing Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload product: edu-sharing metaVentis GmbH vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19 CVE number: CVE-2024-28147 impact: high homepage:...

7.1AI score0.00831EPSS
Exploits1
NVD
NVD
added 2024/06/20 11:15 a.m.23 views

CVE-2024-28147

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image Stored Cross Site Scripting. It...

7.4CVSS0.00831EPSS
Exploits1References3
CVE
CVE
added 2024/06/20 10:46 a.m.62 views

CVE-2024-28147

Edu-sharing (pre-9.0.0-RC19) is affected by CVE-2024-28147: an authenticated user can upload arbitrary files via the collection preview image upload, enabling Stored XSS through HTML/JavaScript execution when users access the direct image URL and potential DoS via SVG with nested XML entities. Af...

7.4CVSS7.4AI score0.00831EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.5 views

PT-2024-4409 · Unknown · Edu-Sharing

Name of the Vulnerable Software and Affected Versions: edu-sharing versions 8.0.8-RC2, 8.1.4-RC0, 9.0.0-RC19 can be simplified to: edu-sharing versions prior to 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 However, given the instruction to consolidate ranges into the most concise form and considering the...

7.4CVSS6.7AI score0.00831EPSS
Exploits1References7
Prion
Prion
added 2022/12/01 9:15 p.m.14 views

Code injection

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents first page can be downloaded without being watermarked. Versions 24.0.7 and...

5CVSS5.2AI score0.00598EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/12/01 8:54 p.m.17 views

CVE-2022-41970 Nextcloud Server's disabled download shares still allow download through preview images

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents first page can be downloaded without being watermarked. Versions 24.0.7 and...

2.6CVSS5.2AI score0.00598EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.4 views

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 24.0.7, 25.0.1 and prior to 25.0.1, which stems from a disabled download share that...

5.3CVSS5.6AI score0.00598EPSS
Exploits0References4
Hacker One
Hacker One
added 2022/10/21 1:59 p.m.33 views

Nextcloud: Disabled download shares still allow download through preview images

Summary: Steps To Reproduce: 1. Share a folder and disable the "Allow download" permission 2. Now as the recipient of the file you can still download the preview of the file This is an issue for images but also for shared documents where viewing them in Collabora would present them watermarked bu...

5CVSS2.9AI score0.00598EPSS
Exploits0
Rows per page
Query Builder