4 matches found
EUVD-2021-13231
Malware in sbrugna...
CVE-2024-57386
CVE-2024-57386 affects Wallos v2.41.0. A Cross Site Scripting vulnerability in the profile picture function allows a remote attacker to execute arbitrary code. The issue is documented across multiple sources (NVD, Red Hat, OSV, CNNVD, etc.). Exploitation vectors are not detailed beyond the profil...
CVE-2024-36257
Mattermost versions 9.5.x = 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious...
HackerOne: profile-picture name parameter with large value lead to DoS for other users and programs on the platform
Summary: The issue persists as there are no text limitations for profile-picture name while uploading the profile-picture, these heavy text names can cause denial of service on different pages of hackerone. Description: I was checking the profile picture upload feature of hackerone and found out...