7 matches found
CVE-2026-23499
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing JavaScript. Depending on the deployment strategy, these...
EUVD-2022-29467
Malicious code in bioql PyPI...
CVE-2022-24588
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function...
CVE-2022-24588
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function...
CVE-2022-24588
CVE-2022-24588 concerns Flatpress v1.2.1, where a cross-site scripting (XSS) vulnerability exists in the Upload SVG File function. The available connected sources consistently describe the same flaw in Flatpress 1.2.1, with no public details beyond the XSS risk in that specific upload path. The C...
Kirby Cross-Site Scripting Vulnerability
Kirby is a file-based content management system (CMS). Kirby suffers from a cross-site scripting vulnerability that allows a write-access editor to upload SVG files containing harmful content such as "script" tags...
Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure Vulnerabilities
Invision Power Board version 4.1.19.2 suffers from reflective and stored cross-site scripting, cross-site request forgery, information disclosure, file upload, and shell access vulnerabilities. Vulnerable Software: Invision Power...