Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1698

Malware in sbrugna...

8CVSS6.2AI score0.00736EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2025-14378

Malicious code in bioql PyPI...

8.4CVSS6.5AI score0.00224EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/15 10:10 a.m.24 views

CVE-2025-4648

Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from...

8.4CVSS6.5AI score0.00224EPSS
Exploits0References4
NVD
NVD
added 2025/05/13 10:15 a.m.46 views

CVE-2025-4648

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/13 9:45 a.m.10 views

CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS6.3AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/13 9:45 a.m.45 views

CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS0.00224EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/06 4:50 a.m.12 views

CVE-2021-37710

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...

8CVSS6.3AI score0.00736EPSS
Exploits0References1
Snyk
Snyk
added 2022/12/13 5:39 p.m.2 views

Cross-site Scripting (XSS)

Overview loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper neutralization of data URIs, via the image/svg+xml media type. Details...

6.1CVSS5.4AI score0.00792EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/08/23 7:43 p.m.38 views

Cross-Site Scripting via SVG media files

Impact Cross-Site Scripting via SVG media files Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older versions of...

8CVSS5.3AI score0.00736EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2021/08/16 10:20 p.m.21 views

CVE-2021-37710 Cross-Site Scripting via SVG media files

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...

8CVSS7.6AI score0.00736EPSS
Exploits0References2
Rows per page
Query Builder