8 matches found
Cross-site Scripting
webreinvent/vaahcms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization in the storeAvatar upload method of UserBase.php, where crafted input can be stored and later executed in a user’s browser, allowing a remote attacker to run arbitrary JavaScript code...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
PT-2025-41260
Name of the Vulnerable Software and Affected Versions vaahcms version 2.3.1 Description A cross-site scripting issue exists in vaahcms version 2.3.1. A remote attacker can potentially execute arbitrary code through the upload method within the storeAvatar function of the UserBase.php file...
CVE-2025-61183
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
vaahcms 安全漏洞
vaahcms is an open source web application development platform by WebReinvent Technologies Pvt Ltd. A security vulnerability exists in vaahcms version 2.3.1, which stems from cross-site scripting in the upload function of the storeAvatar method in UserBase.php, which could lead to the execution o...
EUVD-2025-33172
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...