4 matches found
CVE-2026-44259
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...
CVE-2026-44259
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...
CVE-2026-44259
efw4.X: Stored XSS via previewServlet affects versions prior to 4.08.010. The previewServlet serves files by inferring MIME type from file extensions (e.g., .html, .htm -> text/html; .svg -> image/svg+xml) without sanitizing content or applying security headers. This can cause embedded Java...
EFW Framework 安全漏洞
EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the previewServlet not performing content...