80 matches found
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...
Cross site scripting
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...
Verint Workforce Optimization (WFO) Injection Vulnerability
Verint Workforce Optimization is a unified suite of software and services for capturing interactions and managing employee performance across an enterprise or target area. A security vulnerability exists in Verint Workforce Optimization WFO version 15.2. An attacker could exploit the vulnerabilit...
CVE-2020-13480
Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...
CVE-2020-13480
Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...
Design/Logic Flaw
Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...
CVE-2020-13480
Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...
CVE-2020-13480
The connected records confirm CVE-2020-13480 affects Verint Workforce Optimization (WFO) version 15.2 and is caused by HTML injection via the Send Email feature. The vulnerability details indicate an injection in a functional path that could affect email composition/handling within WFO. No exploi...
CVE-2019-4394
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232...
Server side request forgery (ssrf)
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
PYSEC-2019-151
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
PT-2019-8550 · Graphite +2 · Graphite +2
Name of the Vulnerable Software and Affected Versions: Graphite versions through 1.1.5 Graphite version 1.1.5 Description: The send email function in graphite-web/webapp/graphite/composer/views.py is vulnerable to Server-Side Request Forgery SSRF. An attacker can use the vulnerable SSRF endpoint ...
CVE-2018-14430
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
Document Title: =============== Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1882 Release Date: ============= 2016-08-01 Vulnerability Laboratory ID VL-ID: ====================================...
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
Document Title: =============== Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1882 Release Date: ============= 2016-07-31 Vulnerability Laboratory ID VL-ID: ====================================...
astana.gov.kz XSS vulnerability
Vulnerable URL: http://astana.gov.kz/kk/resetting/send-email Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:| No Chec...
D-Link DIR-866L 'HNAP' and 'Send Email' Function Buffer Overflow Vulnerability
D-Link DIR-866L is a wireless router product from AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-866L. An attacker can exploit this vulnerability to execute arbitrary code in an affected application, which may also result in a denial of service...
D-Link DIR-615 PING和Send Email缓冲区溢出漏洞
No description provided by source...
D-Link DIR-615 'PING' and 'Send Email' Buffer Overflow Vulnerability
The D-Link DIR-615 is a wireless router product from AUO. A buffer overflow vulnerability exists in the D-Link DIR-615 'PING' and 'Send Email', which allows remote attackers to exploit the vulnerability to submit a special request to crash the service...