Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.6 views

CVE-2023-53924

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

8.8CVSS8.3AI score0.00794EPSS
Exploits1References1
CVE
CVE
added 2025/12/15 8:28 p.m.9 views

CVE-2023-53876

CVE-2023-53876 affects Academy LMS 6.1 and is a file-upload vulnerability that lets authenticated users upload malicious SVGs containing stored XSS via the profile avatar upload feature by altering extensions and embedding JavaScript. Root cause: lax file-type handling permitting SVG execution. I...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.6 views

PT-2025-51294

Name of the Vulnerable Software and Affected Versions Academy LMS version 6.1 Description Academy LMS version 6.1 has a file upload issue. Authenticated users can upload malicious SVG files containing stored cross-site scripting payloads. An attacker can inject malicious scripts through the profi...

5.4CVSS6AI score0.00209EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.5 views

PT-2024-10981 · Chatwoot · Chatwoot

Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.6 Description: A stored cross-site scripting XSS vulnerability was discovered, affecting the profile settings when a user uploads an SVG file containing a malicious XSS payload. When the avatar is opened ...

7.8CVSS6.9AI score0.00285EPSS
Exploits0References10
OSV
OSV
added 2020/07/15 8:15 p.m.4 views

CVE-2020-12854

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar...

8.8CVSS7.8AI score0.02975EPSS
Exploits1References2
Rows per page
Query Builder