33 matches found
CVE-2021-33347
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur...
Arbitrary File Upload
ms-mcms is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded ZIP files in the New Template module, allowing attackers to upload crafted files that can be executed on the server, leading to arbitrary code execution...
EUVD-2021-20055
Malware in sbrugna...
EUVD-2015-4420
Malware in sbrugna...
EUVD-2022-0498
Malicious code in bioql PyPI...
EUVD-2024-49078
Malicious code in bioql PyPI...
Metasploit Wrap-Up 07/11/2025
Active Directory LDAP Library This week Metasploit added a library for working with Active Directory Domain Controllers over LDAP. The library consolidates common functionality and implements a caching mechanism to support common operations such as looking up objects by their DN, sAMAccountName, ...
CVE-2024-8304
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The...
CVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file...
CVE-2024-8304
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The...
CVE-2024-8304
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The...
CVE-2024-8304 jpress Template Module edit path traversal
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The...
CVE-2024-8304 jpress Template Module edit path traversal
A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The...
PT-2024-38929 · Jpress · Jpress
Name of the Vulnerable Software and Affected Versions: jpress versions up to 5.1.1 Description: A critical vulnerability has been found in the Template Module Handler component of jpress, affecting an unknown functionality of the file /admin/template/edit. The manipulation leads to path traversal...
USN-6574-1 Go vulnerabilities
Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...
SUSE CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...
CVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file...
CVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file...
CVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file...
Privilege escalation
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file...