71 matches found
CVE-2021-25278
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...
CVE-2020-25287
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php=Open request...
cve
Vulnerability Title: Arbitrary File Read in QCMS Authenticate...
Tailoring Management System SQL Injection Vulnerability
Tailoring Management System is a tailoring management system from itsourcecode open source. SQL injection vulnerability exists in itsourcecode Tailoring Management System version 1.0, which originates from the parameter id/title/msg in the file templateEditor.php and can lead to SQL injection...
Cacti Import Packages RCE
This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The modu...
CVE-2023-39513
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
CVE-2021-25278
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...
CVE-2021-25278
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...
Design/Logic Flaw
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...
CVE-2021-25278
The FTAPI vulnerability CVE-2021-25278 affects FTAPI versions 4.0–4.10 and is a cross-site scripting flaw in the Background Image upload feature of the Submit Box Template Editor. An attacker can exploit the issue by uploading an SVG file containing embedded JavaScript, which may compromise a vic...
FTAPI SecuTransfer 跨站脚本漏洞
FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...
Stripo Inc: Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'.
Summary: Hi Team, There is "Stored XSS" in Template Editor. When creating Accordion, "Section Name" field does not properly sanitize the input provided by the User leading to Stored XSS. See the Proof Of Concept below. Thank You. Steps To Reproduce: A. Open Template Editor and insert element...
Stripo Inc: Stored XSS at "Conditions " through "My Custom Rule" Field at [https://my.stripo.email/cabinet/#/template-editor/] in Template Editor.
Summary: Hi Team, There is "Stored XSS" in "Conditions" . When creating "My Custom Rule", you have to provide a name, whereas "My Custom Rule " field does not properly sanitize the input provided by the User leading to Stored XSS. Other fields are properly sanitizing the input. See the video Pock...
CVE-2020-25287
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php&open=Open request...
Design/Logic Flaw
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php&open=Open request...
CVE-2020-25287
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php&open=Open request...
CVE-2017-18464
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...
CVE-2017-18464
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...
Design/Logic Flaw
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...
CVE-2017-18464
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...