Lucene search
+L

71 matches found

redhatcve
redhatcve
added 2025/05/22 6:25 p.m.8 views

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

4.8CVSS5.9AI score0.0056EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 4:3 p.m.5 views

CVE-2020-25287

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php=Open request...

7.2CVSS7.7AI score0.02711EPSS
Exploits1
githubexploit
githubexploit
added 2025/04/22 5:0 a.m.106 views

cve

Vulnerability Title: Arbitrary File Read in QCMS Authenticate...

6.5AI score
Exploits0
cnnvd
cnnvd
added 2024/07/14 12:0 a.m.4 views

Tailoring Management System SQL Injection Vulnerability

Tailoring Management System is a tailoring management system from itsourcecode open source. SQL injection vulnerability exists in itsourcecode Tailoring Management System version 1.0, which originates from the parameter id/title/msg in the file templateEditor.php and can lead to SQL injection...

8.8CVSS7.8AI score0.0056EPSS
Exploits1References5
metasploit
metasploit
added 2024/06/13 7:55 p.m.588 views

Cacti Import Packages RCE

This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The modu...

9.1CVSS8.2AI score0.86303EPSS
Exploits17
alpinelinux
alpinelinux
added 2023/09/05 8:15 p.m.34 views

CVE-2023-39513

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...

6.1CVSS7AI score0.00769EPSS
Exploits1References6
nvd
nvd
added 2021/03/19 5:15 p.m.22 views

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

4.8CVSS0.0056EPSS
Exploits0References2
osv
osv
added 2021/03/19 5:15 p.m.4 views

CVE-2021-25278

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

4.8CVSS5.8AI score0.0056EPSS
Exploits0References2
prion
prion
added 2021/03/19 5:15 p.m.12 views

Design/Logic Flaw

FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor...

3.5CVSS4.8AI score0.0056EPSS
Exploits0References2Affected Software1
cve
cve
added 2021/03/19 4:42 p.m.42 views

CVE-2021-25278

The FTAPI vulnerability CVE-2021-25278 affects FTAPI versions 4.0–4.10 and is a cross-site scripting flaw in the Background Image upload feature of the Submit Box Template Editor. An attacker can exploit the issue by uploading an SVG file containing embedded JavaScript, which may compromise a vic...

4.8CVSS4.9AI score0.0056EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2021/03/19 12:0 a.m.4 views

FTAPI SecuTransfer 跨站脚本漏洞

FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...

4.8CVSS5.2AI score0.0056EPSS
Exploits0References3
hackerone
hackerone
added 2020/11/03 4:22 p.m.17 views

Stripo Inc: Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'.

Summary: Hi Team, There is "Stored XSS" in Template Editor. When creating Accordion, "Section Name" field does not properly sanitize the input provided by the User leading to Stored XSS. See the Proof Of Concept below. Thank You. Steps To Reproduce: A. Open Template Editor and insert element...

6.8AI score
Exploits0
hackerone
hackerone
added 2020/10/02 8:20 a.m.21 views

Stripo Inc: Stored XSS at "Conditions " through "My Custom Rule" Field at [https://my.stripo.email/cabinet/#/template-editor/] in Template Editor.

Summary: Hi Team, There is "Stored XSS" in "Conditions" . When creating "My Custom Rule", you have to provide a name, whereas "My Custom Rule " field does not properly sanitize the input provided by the User leading to Stored XSS. Other fields are properly sanitizing the input. See the video Pock...

6AI score
Exploits0
osv
osv
added 2020/09/13 6:15 p.m.0 views

CVE-2020-25287

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php&open=Open request...

7.2CVSS7.3AI score0.02711EPSS
Exploits1References1
prion
prion
added 2020/09/13 6:15 p.m.17 views

Design/Logic Flaw

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php&open=Open request...

6.5CVSS7.1AI score0.02711EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2020/09/13 5:58 p.m.28 views

CVE-2020-25287

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admineditor.php thefile=..%2Findex.php&open=Open request...

7.2AI score0.02711EPSS
Exploits1References1
nvd
nvd
added 2019/08/05 12:15 p.m.21 views

CVE-2017-18464

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...

5.5CVSS5.3AI score0.00714EPSS
Exploits0References1
osv
osv
added 2019/08/05 12:15 p.m.3 views

CVE-2017-18464

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...

4.9CVSS5.9AI score0.00714EPSS
Exploits0References1
prion
prion
added 2019/08/05 12:15 p.m.21 views

Design/Logic Flaw

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...

5.5CVSS5.3AI score0.00714EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/08/05 11:49 a.m.18 views

CVE-2017-18464

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...

5.3AI score0.00714EPSS
Exploits0References1
Rows per page
Query Builder