22 matches found
CVE-2026-1879
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
EUVD-2026-17851
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2026-1879
CVE-2026-1879 affects Harvard IQSS Dataverse (up to 6.8) in the Theme Customization component, specifically the ThemeAndWidgets.xhtml file. A manipulation of the argument uploadLogo enables unrestricted file upload, enabling remote exploitation. The exploit is public, and upgrading to version 6.1...
PT-2026-29508
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
EUVD-2023-60212
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919 PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919 PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
CVE-2023-53919 affects PodcastGenerator 3.2.9, with a stored cross-site scripting flaw in the Freebox content field via the theme_freebox.php interface. Attacker-supplied JavaScript placed in Freebox content can execute when users visit the home page. Public documentation confirms the issue and p...
PT-2025-51957
Name of the Vulnerable Software and Affected Versions PodcastGenerator version 3.2.9 Description The software contains a stored cross-site scripting issue in the Freebox content field. This field is accessible through the theme customization interface, specifically the 'theme freebox.php'...
WordPress Customify plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Customify plugin, which stems from missing or incorrect random number validation in the resetcustomizesection...
WordPress plugin Customify 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Customify plugin, which stems from missing or incorrect random number validation in the resetcustomizesection...
Sandbox Bypass
winter/wn-cms-module is vulnerable to Sandbox Bypass. The vulnerability is due to inadequate enforcement of the sandbox in Twig, allowing users with specific permissions to modify theme customization values, templates, or model data through Twig templates...
Description of the security update for SharePoint Server Subscription Edition: March 12, 2024 (KB5002564)
Description of the security update for SharePoint Server Subscription Edition: March 12, 2024 KB5002564 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposure...