Lucene search
K

73 matches found

Vulnrichment
Vulnrichment
added 2023/11/14 12:0 a.m.10 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

6.9AI score0.01211EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/11/14 12:0 a.m.24 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

7.2AI score0.01211EPSS
Exploits1References1
OSV
OSV
added 2023/11/14 12:0 a.m.18 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

7.2CVSS6.9AI score0.01211EPSS
Exploits1References3
CVE
CVE
added 2023/11/14 12:0 a.m.34 views

CVE-2023-45880

GibbonEdu Gibbon (through v25.0.0) is affected by a Directory Traversal via the report template builder. The root cause is the templateFileDestination parameter, which can be set to an arbitrary path and extension, enabling an attacker to write PHP files outside the uploads directory directly int...

7.2CVSS6.9AI score0.01211EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.4 views

PT-2023-29742 · Gibbon · Gibbon

Name of the Vulnerable Software and Affected Versions: GibbonEdu Gibbon versions through 25.0.0 Description: The issue allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathnam...

7.2CVSS6.9AI score0.01211EPSS
Exploits1References6
WPVulnDB
WPVulnDB
added 2023/01/28 12:0 a.m.15 views

ShopLentor < 2.5.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, add a "WL : FAQ" Gutenberg block...

5.4CVSS5AI score0.00534EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/28 12:0 a.m.358 views

ShopLentor < 2.5.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add a "WL : FAQ" Gutenberg block to ...

5.4CVSS5.2AI score0.00534EPSS
Exploits2
NVD
NVD
added 2017/09/12 6:29 p.m.17 views

CVE-2017-8918

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file...

5.5CVSS5.2AI score0.02208EPSS
Exploits3References1
Prion
Prion
added 2017/09/12 6:29 p.m.9 views

Design/Logic Flaw

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file...

4.3CVSS5.2AI score0.02208EPSS
Exploits3References1Affected Software1
OSV
OSV
added 2017/09/12 6:29 p.m.4 views

CVE-2017-8918

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file...

5.5CVSS5.8AI score0.02208EPSS
Exploits3References1
CVE
CVE
added 2017/09/12 6:0 p.m.54 views

CVE-2017-8918

XXE in Blackwave Dive Assistant – Desktop Edition 8.0 (Dive Assistant Template Builder) allows an attacker to view local files via a crafted template.xml. The vulnerability is XML External Entity (XXE) injection in the template builder that processes XML templates, enabling local-file disclosure....

5.5CVSS5.2AI score0.02208EPSS
Exploits3References1Affected Software1
exploitpack
exploitpack
added 2017/05/12 12:0 a.m.30 views

Dive Assistant Template Builder 8.0 - XML External Entity Injection

Dive Assistant Template Builder 8.0 - XML External Entity Injection + Exploit Title: Dive Assistant - Template Builder XXE Injection + Date: 12-05-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.blackwave.com/ + Software Link:...

4.3CVSS0.1AI score0.02208EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/05/12 12:0 a.m.31 views

Dive Assistant Template Builder 8.0 - XML External Entity Injection

Exploit Title: Dive Assistant - Template Builder XXE Injection + Date: 12-05-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.blackwave.com/ + Software Link: http://www.diveassistant.com/Products/DiveAssistantDesktop/index.aspx + Version: 8.0 + Tested on: Windows 7 SP1, Windows...

5.5CVSS5.6AI score0.02208EPSS
Exploits3
Rows per page
Query Builder