175 matches found

OSV
added 2025/01/05 3:15 p.m. · 7 views

CVE-2024-13141

A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotel...

CVSS 5.4 · AI score 6.3
Exploits 0 · References 4

NVD
added 2025/01/05 12:15 p.m. · 9 views

CVE-2024-13140

A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launc...

CVSS 5.4 · EPSS 0.00315
Exploits 1 · References 5

OSV
added 2025/01/05 12:15 p.m. · 6 views

CVE-2024-13140

A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launc...

CVSS 5.4 · AI score 6.2
Exploits 0 · References 5

CVE
added 2025/01/05 11:31 a.m. · 48 views

CVE-2024-13140

CVE-2024-13140 affects Emlog Pro up to 2.4.3. A cross-site scripting vulnerability exists in the Cover Upload Handler, triggered by manipulating the image parameter in /admin/article.php?action=upload_cover. The flaw is exploitable remotely; public exploit appears in sources. Connected data confi...

CVSS 5.4 · AI score 3.8 · EPSS 0.00315
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2025/01/05 12:0 a.m. · 3 views

PT-2025-2026 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.3 Description: A problematic issue has been found in the Cover Upload Handler component, affecting an unknown function of the file /admin/article.php?action=upload_cover. The manipulation of the image argument lea...

CVSS 5.4 · AI score 4.2 · EPSS 0.00315
Exploits 1 · References 13

Positive Technologies
added 2024/12/09 12:0 a.m. · 2 views

PT-2024-17557 · Guizhou Xiaoma Technology · Jpress

Name of the Vulnerable Software and Affected Versions: Guizhou Xiaoma Technology jpress version 5.1.2 Description: A problem was found in the Attachment Upload Handler's function AttachmentUtils.isUnSafe of the file /commons/attachment/upload. The manipulation of the argument files leads to cross...

CVSS 6.1 · AI score 3.5 · EPSS 0.0036
Exploits 1 · References 11

AlpineLinux
added 2024/09/01 10:15 p.m. · 24 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...

CVSS 5.4 · AI score 7 · EPSS 0.00406
Exploits 1 · References 3

NVD
added 2024/09/01 10:15 p.m. · 25 views

CVE-2024-8370

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...

CVSS 5.4 · EPSS 0.00406
Exploits 1 · References 3

Cvelist
added 2024/09/01 10:0 p.m. · 27 views

CVE-2024-8370 Grocy SVG File Upload recipepictures cross site scripting

A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The manipulation of the argument force_serve_as with the input picture' leads to cross site scripting. T...

CVSS 5.3 · EPSS 0.00406
Exploits 1 · References 3

CVE
added 2024/09/01 10:0 p.m. · 82 views

CVE-2024-8370

CVE-2024-8370 affects Grocy up to 4.2.0, targeting the SVG File Upload Handler. The vulnerability exists in unknown code path under /api/files/recipepictures/ where manipulating the argument force_serve_as with a crafted image leads to stored cross-site scripting. Exploitation is remotely possibl...

CVSS 5.4 · AI score 4 · EPSS 0.00406
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2024/07/25 12:0 a.m. · 2 views

The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW secure access control system allows a perpetrator to upload arbitrary files and execute arbitrary code.

The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW access control system is related to incorrect external manipulation of file names or files. Exploiting this vulnerability allows a malicious actor to upload arbitrary files and execute arbitrary code...

CVSS 9 · AI score 5.7 · EPSS 0.01258
Exploits 0 · References 9 · Affected Software 1

BDU FSTEC
added 2024/05/24 12:0 a.m. · 2 views

The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW secure access control system allows a perpetrator to upload arbitrary files and execute arbitrary code.

The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW access control system is related to incorrect external manipulation of file names or files. Exploiting this vulnerability allows a malicious actor to upload arbitrary files and execute arbitrary code...

CVSS 8.3 · AI score 5.7 · EPSS 0.01406
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2024/05/24 12:0 a.m. · 4 views

The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW secure access control system allows a perpetrator to upload arbitrary files and execute arbitrary code.

The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW access control system lies in improper external manipulation of file names or files. Exploiting this vulnerability allows a remote attacker to upload arbitrary files and execute arbitrary code...

CVSS 8.3 · AI score 5.8 · EPSS 0.01352
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-3687 · Siemens · Ruggedcom Crossbow

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5 Description: The issue is related to incorrect external control of a file name or path in the Firmware Upload Handler component of the RUGGEDCOM CROSSBOW system. This could allow a remote attacker to...

CVSS 8.3 · AI score 8.2 · EPSS 0.01352
Exploits 0 · References 6

Positive Technologies
added 2024/05/14 12:0 a.m. · 2 views

PT-2024-3688 · Siemens · Ruggedcom Crossbow

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5 Description: The issue is related to incorrect external control of file names or paths in the Firmware Upload Handler component of the RUGGEDCOM CROSSBOW system. This could allow a remote attacker to...

CVSS 8.3 · AI score 8.3 · EPSS 0.01406
Exploits 0 · References 7

Positive Technologies
added 2024/03/17 12:0 a.m. · 3 views

PT-2024-21065 · Unknown · Pandaxgo Pandax

Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been found in the File Extension Handler component, specifically in the /apps/system/router/upload.go file. The manipulation of the file argument leads to unrestricted upload...

CVSS 9.8 · AI score 6.6 · EPSS 0.00604
Exploits 0 · References 7

NVD
added 2024/01/09 10:15 p.m. · 14 views

CVE-2024-0348

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 · AI score 5.1 · EPSS 0.01051
Exploits 1 · References 3

Prion
added 2024/01/09 10:15 p.m. · 13 views

Design/Logic Flaw

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been...

CVSS 4 · AI score 7.2 · EPSS 0.01051
Exploits 1 · References 3 · Affected Software 1

CVE
added 2024/01/09 10:0 p.m. · 43 views

CVE-2024-0348

The CVE-2024-0348 entry concerns SourceCodester Engineers Online Portal 1.0. The vulnerability affects the File Upload Handler component (an unknown function) and leads to resource consumption. The issue is exploitable remotely over the network, with the exploit publicly disclosed (VDB-250116). S...

CVSS 6.5 · AI score 6.5 · EPSS 0.01051
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/01/09 12:0 a.m. · 4 views

Engineers Online Portal Resource Management Error Vulnerability

Engineers Online Portal is an open source online portal. It is developed using PHP, MySQL database, HTML, CSS, Javascript, jQuery, Ajax, Bootstrap and some other libraries. A resource management error vulnerability exists in SourceCodester Engineers Online Portal version 1.0, which stems from th...

CVSS 6.5 · AI score 6.9 · EPSS 0.01051
Exploits 1 · References 4