6 matches found
CVE-2025-66488
Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...
CVE-2019-16216
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack...
EUVD-2019-7028
Malware in sbrugna...
Virtuozzo Hybrid Infrastructure 6.0 Update 1 Hotfix 1 (6.0.1-85)
This update provides stability and performance improvements. Vulnerability id: VSTOR-72592 Increased the speed of VM filtering in clusters with a huge number of existing projects. Vulnerability id: VSTOR-79462 Parts of a multipart object are not deleted. Vulnerability id: VSTOR-79650, VSTOR-80493...
CVE-2019-16216
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack...
Cross site scripting
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack...