Lucene search
K

4 matches found

OSV
OSV
added 2026/06/19 7:35 p.m.3 views

GHSA-7WQV-XJF3-X35V parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Impact The default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g. poc.svg.. The trailing dot causes the extension parser to extract an empty string, which short-circuits the blocklist check, and the...

2.1CVSS5.8AI score0.00281EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 6:34 p.m.31 views

CVE-2026-53724

CVE-2026-53724 – Parse Server Stored XSS (trailing-dot bypass) affects Parse Server prior to versions 8.6.79 and 9.9.1-alpha.4. A trailing dot on a filename bypasses the default file upload extension blocklist by making the extension parser yield an empty string, allowing the attacker-controlled ...

2.1CVSS5.2AI score0.00281EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.5 views

SUSE CVE-2005-3007

Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." dot, which might allow remote attackers to trick users into processing dangerous content...

2.6CVSS6.9AI score0.02996EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2013/10/09 2:54 p.m.8 views

CVE-2013-5576

administrator/components/commedia/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . dot...

6.8CVSS5.6AI score0.48191EPSS
Exploits5References13
Rows per page
Query Builder