10 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the software installer pipeline that generates uninstall shell scripts without sanitization. An attacker can execute arbitrary system commands with elevated privileges by crafting malicious software package metadat...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
CVE-2025-69983 (FUXA v1.2.7) is a Remote Code Execution vulnerability exposed via the project import functionality. The issue arises because user-supplied scripts within imported project files are not properly sanitized or sandboxed, enabling an attacker to upload a malicious project that could e...
PT-2026-5981
Name of the Vulnerable Software and Affected Versions FUXA version 1.2.7 Description FUXA version 1.2.7 contains a Remote Code Execution RCE issue through the project import functionality. The application fails to properly sanitize or sandbox user-supplied scripts within imported project files. A...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution RCE via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-65790
A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline...
PT-2018-5029 · Red Hat · Jboss Brms 6 +1
Name of the Vulnerable Software and Affected Versions: JBoss BRMS 6 and BPM Suite 6 Description: The issue is related to a stored XSS flaw in the business process editor, caused by an incomplete fix. Remote, authenticated attackers with privileges to create business processes can store scripts th...