303 matches found
Frauscher Sensortechnik FDS102 Code Issue Vulnerability
The Frauscher Sensortechnik FDS102 is a diagnostic system device from Frauscher. A code issue vulnerability exists in the Frauscher Sensortechnik FDS102 that originates from uploading malicious code without authentication via the configuration upload function...
CVE-2022-40407
CVE-2022-40407 concerns Chamilo LMS, affecting version 1.11. The connected documents describe a zip-slip vulnerability in Chamilo’s file-upload function that enables remote code execution via a crafted Zip file. The underlying issue is a zip-slip extraction flaw in the upload handling, leading to...
Cross site scripting
Cross-site scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...
CVE-2022-34025
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php...
Cross-site scripting - Stored via upload ".xlr" file
Description: In the file upload function, the server allows uploading an .xlr file containing some JavaScript code, leading to XSS. Proof of Concept: REQUEST POST /demo/plupload HTTP/1.1 Host: demo.microweber.org Cookie: laravelsession=r768Tqzv8h0fkjgvKdofhxgmjcorT6pwuqMKJkIb;...
Remote Code Execution (RCE)
TiddlyWiki is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization in the upload function, allowing an attacker to inject a maliciously crafted script via a crafted SVG file...
CVE-2022-30013
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript-embedded PDF file...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript-embedded PDF file...
CVE-2022-30013
CVE-2022-30013 describes a stored XSS vulnerability in the upload function of totaljs CMS 3.4.5, allowing an attacker to execute arbitrary web scripts via a JavaScript-embedded PDF file. Multiple sources (Red Hat, CNVD, OSV, NVD, CVE listings, Veracode) consistently report the issue as a st...
CVE-2022-28053
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Webmin Cross-Site Request Forgery Vulnerability
Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site request forgery vulnerability exists in Webmin version 1.973, which stems from a lack of token validation for cross-site request forgery in the upload and download functions...
CVE-2022-27477
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit...
g33kyrash Online Banking System Code Issue Vulnerability
g33kyrash Online Banking System is an online banking system developed by g33kyrash Personal Developer using PHP and MySQL. A security vulnerability exists in Online Banking System Protect version 1.0, which allows an attacker to execute arbitrary code from a specially crafted PHP file uploaded by...
DouPHP Cross-Site Scripting Vulnerability (CNVD-2022-72218)
A cross-site scripting vulnerability exists in DouPHP, a lightweight enterprise content management system (CMS) from China DouShell Network Technology. The vulnerability stems from a lack of validation and filtering of user-supplied data and output in the upload function of dmin/show.php. An...
CVE-2022-25574
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...