Lucene search

9 matches found

Veracode
added 2025/01/27 10:55 a.m. · 6 views

Cross-site Scripting (XSS)

YesWiki is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation in the attach component, where a non-existing resource in the file attribute generates a file upload button, allowing authenticated users with edit or comment permissions to inject malicious scripts...

7.6 CVSS · 6 AI score · 0.00203 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/01/21 5:15 p.m. · 8 views

CVE-2025-24018

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

7.6 CVSS · 0.00203 EPSS
Exploits 1 · References 3
Snyk
added 2024/11/06 4:29 p.m. · 2 views

Directory Traversal

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processing_utils.async_move_files_to_cache function. An attacker can read arbitrary...

8.2 CVSS · 7.7 AI score · 0.00275 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/11/06 12:0 a.m. · 2 views

PT-2024-34882 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.5.0. Description: The issue allows an attacker with access to the application to abuse File or UploadButton components and read arbitrary files from the application server. This is possible because the client utils.i...

8.2 CVSS · 7 AI score · 0.00275 EPSS
Exploits 1 · References 8
CNNVD
added 2024/11/06 12:0 a.m. · 1 views

Gradio Path Traversal Vulnerability

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio versions 5.0.0 through 5.4.0, which stems from a File or UploadButton component, when used to preview fi...

6.5 CVSS · 6.4 AI score · 0.00275 EPSS
Exploits 1 · References 2
OSV
added 2024/04/10 6:30 p.m. · 1 views

GHSA-3F95-MXQ2-2F63 Duplicate Advisory: Gradio Local File Inclusion vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m842-4qm8-7gpq. This link is maintained to preserve external references. Original Description: gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied...

7.5 CVSS · 7.3 AI score · 0.85087 EPSS
Exploits 2 · References 4
Prion
added 2021/10/14 5:15 p.m. · 13 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor the file suffix is allowed...

4.3 CVSS · 5.9 AI score · 0.00345 EPSS
Exploits 1 · References 1 · Affected Software 1
Packet Storm
added 2013/08/02 12:0 a.m. · 42 views

Fluidgalleries Photo Upload Shell Upload

In The Name Of Allah + Exploit Title : fluidgalleries Photo Upload Remote Shell Upload Vulnerability + Google Dork 1 : inurl:"fluidgalleries/dat/info.dat" + Google Dork 2 : inurl:"/fluidgalleries/php/" + Date : 01/08/2013 + Exploit Author : IranianDarkCodersTeam + Home : www.idc-team.net +...

0.3 AI score
Exploits 0
myhack58
added 2010/06/25 12:0 a.m. · 10 views

Software Index a remote file upload vulnerability-vulnerability warning-the black bar safety net

Upload file filter is not strict, resulting in remote file upload executable code vulnerabilities. Bulk Google Dork : Copyright 2 0 1 0. Software Index Exp: the html head TitleSelect Image File for uploading/Title script language="JavaScript" function checkFile if form1. userfile. value == ""...

7.5 AI score
Exploits 0