CVE-2025-9163
The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzezpropertyimgupload and houzezpropertyattachmentupload functions. This makes it possib...
Design/Logic Flaw
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload functions of the HTTP API. This might cause certificate errors for SSL connections and might result in a partial denial-of-service...
CVE-2023-37862
The CVE-2023-37862 entry concerns PHOENIX CONTACT WP 6xxx series web panels (versions prior to 4.0.10) with insufficient authorization in the HTTP API upload functions. An unauthenticated remote attacker can access the upload endpoints, which can lead to SSL certificate errors and may cause a par...
PT-2023-4528 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10 Description: The issue is related to insufficient authorization procedures in the web panels, allowing an unauthenticated remote attacker to access upload functions of the HTT...
CVE-2021-42123 Missing Upload Filter in TopEase
Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks...
CVE-2021-40191
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and a wrong content-type returned for output data in webroot/dzz/attach/controller.php...
DzzOffice Cross-Site Scripting Vulnerability
DzzOffice is a platform from IBM DzzOffice in the United States that provides online collaborative office suite functionality. The platform can be used to provide features such as online documents, forms, webstores, presentations, and more. A cross-site scripting vulnerability exists in IBM...