Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the pricing rule of online shop in EcommerceFrameworkBundle, image thumbnails in settings, and video thumbnails in settings...
CVE-2022-0169
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...
WordPress plugin SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. WordPress Photo Gallery by 10Web plugin version 1.6.0...
Cross-site Scripting (XSS) - Stored
Description: pimcore datahub is vulnerable to Stored XSS in multiple places, including: (1) the Pricing Rule of Online Shop in EcommerceFrameworkBundle; whenever an admin user accesses a Pricing Rule, a stored XSS is triggered. (2) Image Thumbnails in Settings; whenever an admin user accesses Image...
Nextcloud Android app information disclosure vulnerability (CNVD-2022-18414)
Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. An information disclosure vulnerability exists in versions of the Nextcloud Android app prior to 3.17.1; the vulnerability stems from a network system or product that has a configuration and other...
CVE-2021-41166
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
Information disclosure
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
CVE-2021-41166 Permission bypass in Nextcloud Android App
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails...
CVE-2021-41166
CVE-2021-41166 affects the Nextcloud Android app. An unauthorized app lacking the MANAGE_DOCUMENTS permission may view image thumbnails for images it should not access. The issue is fixed in version 3.17.1; there are no known workarounds. Users and administrators should upgrade to 3.17.1 or later...
Nextcloud Android app information disclosure vulnerability
Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. An information disclosure vulnerability exists in versions of the Nextcloud Android app prior to 3.17.1; the vulnerability stems from a network system or product that has a configuration and other...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: A stored XSS vulnerability occurs when you change the value of Group at "Settings" = "Thumbnails" = "Video Thumbnails" in the pimcore service. Proof of Concept (XSS POC): 1. Open https://10.x-dev.pimcore.fun/admin/login?perspective= 2. After login, go to "Settings" = "Thumbnali...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. A stored XSS vulnerability occurs when you add a media query at "Settings" = "Thumbnails" = "Video Thumbnails" in the pimcore service. Proof of Concept (XSS POC)...
WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101466)
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. WordPress plugin Simple Download Monitor...
CVE-2021-24698
The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download...
CVE-2021-39184 Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potential...
Electron security vulnerability
Electron is a JavaScript framework, from an individual developer, for writing cross-platform desktop applications. The framework is based on Node.js and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. A security vulnerability exists in Electron that allows a...
WordPress Simple Download Monitor plugin <= 3.9.5 - Arbitrary Thumbnails Removal vulnerability
Arbitrary Thumbnails Removal vulnerability discovered by apple502j in WordPress Simple Download Monitor plugin versions <= 3.9.5. Solution: Update the WordPress Simple Download Monitor plugin to the latest available version, at least 3.9.6...
Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal
The plugin allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download. Proof of concept: jQuery.post(ajaxurl, {action: "sdm_remove_thumbnail_image", post_id_del: 613}) // post not owned by the user; POST /wp-admin/admin-ajax.php HTTP/1.1...