3 matches found
CVE-2026-42841 Grav: Stored XSS via Markdown media attribute() action in Grav CMS
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters...
CVE-2026-35392 goshs has an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...
ThinkUp Path Traversal Vulnerability
ThinkUp is a free, installable web application from ThinkUp USA, Inc., used to gain insight into activity on social networks such as Twitter, Facebook and Instagram. ThinkUp 2.0-beta is affected by a path manipulation vulnerability...