12 matches found
BIT-PARSE-2026-31868 Parse Server has Stored XSS via file upload of HTML-renderable file types
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions...
CVE-2026-31868
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...
CVE-2026-31868 Parse Server has Stored XSS via file upload of HTML-renderable file types
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...
CVE-2026-31868
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...
EUVD-2024-17269
Malicious code in bioql PyPI...
CVE-2024-1521
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-1521
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-1521 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-1521
CVE-2024-1521 affects the Elementor Website Builder Pro plugin for WordPress. It enables Stored Cross-Site Scripting through an SVGZ file uploaded via the Form widget in all versions up to and including 3.20.1, due to insufficient input sanitization and output escaping. Exploitation requires auth...
CVE-2024-1521
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Elementor Website Builder Pro < 3.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload
Description The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-18109 · Apache +2 · Apache Http Server +2
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions up to, and including, 3.20.1 Description: The vulnerability is a Stored Cross-Site Scripting issue that occurs when an SVGZ file is uploaded via the Form widget, due to insufficient...