
175 matches found

Veracode
added 2023/04/10 4:35 a.m. · 19 views

Path Traversal

github.com/sjqzhang/go-fastdfs is vulnerable to Path Traversal. The vulnerability exists because the Upload function of fileserver.go does not properly check custom paths, which allows an attacker to access files outside the expected directory through the /group1/upload in the File Upload Handler...

9.8 CVSS · 8.8 AI score · 0.47312 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2023/04/02 12:30 p.m. · 13 views

GHSA-XQ3X-GRRJ-FJ6X sjqzhang go-fastdfs vulnerable to path traversal

sjqzhang go-fastdfs up to 1.4.3 is vulnerable to path traversal in the function upload of the file /group1/upload of the component File Upload Handler. The attack may be launched remotely and the exploit has been disclosed to the public and may be used...

9.8 CVSS · 8.4 AI score · 0.47312 EPSS
Exploits 1 · References 7

NVD
added 2023/04/02 11:15 a.m. · 6 views

CVE-2023-1800

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

9.8 CVSS · 7.8 AI score · 0.47312 EPSS
Exploits 1 · References 3

OSV
added 2023/04/02 11:15 a.m. · 9 views

CVE-2023-1800

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

9.8 CVSS · 9.8 AI score
Exploits 0 · References 3

Prion
added 2023/04/02 11:15 a.m. · 13 views

Path traversal

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

7.5 CVSS · 9.5 AI score · 0.47312 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/04/02 10:31 a.m. · 14 views

CVE-2023-1800 sjqzhang go-fastdfs File Upload uploa upload path traversal

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched...

7.5 CVSS · 9.8 AI score · 0.47312 EPSS
Exploits 1 · References 3

OSV
added 2023/03/30 11:15 p.m. · 20 views

CVE-2023-1746

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to...

5.4 CVSS · 6.5 AI score · 0.0025 EPSS
Exploits 1 · References 3

Prion
added 2023/03/30 11:15 p.m. · 20 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to...

4 CVSS · 5.3 AI score · 0.0025 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/03/30 11:00 p.m. · 16 views

CVE-2023-1746 Dreamer CMS File Upload cross site scripting

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to...

4 CVSS · 5.5 AI score · 0.0025 EPSS
Exploits 1 · References 3

CNNVD
added 2023/03/30 12:00 a.m. · 2 views

Dreamer CMS Cross-Site Scripting Vulnerability

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS 3.5.0 and earlier versions, which stems from a problem with the component File Upload Handler that can lead to cross-site scripting...

5.4 CVSS · 4.3 AI score · 0.0025 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/03/30 12:00 a.m. · 4 views

PT-2023-17211 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS versions up to 3.5.0 Description: A problematic issue was found in the File Upload Handler component, leading to cross site scripting. The manipulation can be launched remotely, affecting an unknown function. Recommendations: For...

5.4 CVSS · 6.3 AI score · 0.0025 EPSS
Exploits 1 · References 7

OSV
added 2022/12/08 11:30 p.m. · 29 views

GHSA-GG8R-XJWQ-4W92 Cross-site scripting vulnerability in TinyMCE alerts

Impact: A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...

5.4 CVSS · 5.9 AI score · 0.01514 EPSS
Exploits 0 · References 8

Snyk
added 2022/12/08 11:30 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occu...

6.1 CVSS · 5.3 AI score · 0.01514 EPSS
Exploits 0 · References 2

OSV
added 2022/12/08 9:29 p.m. · 19 views

CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

5.4 CVSS · 5.9 AI score · 0.01514 EPSS
Exploits 0 · References 8

Cvelist
added 2022/12/08 9:29 p.m. · 20 views

CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

5.4 CVSS · 6.4 AI score · 0.01514 EPSS
Exploits 0 · References 6

ATTACKERKB
added 2022/07/19 7:15 p.m. · 2 views

CVE-2022-36303

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handlefileupload function at /web/api/v1/upload/UploadHandler.php...

6.1 CVSS · 6.2 AI score · 0.0023 EPSS
Exploits 1 · References 2

CNNVD
added 2022/07/19 12:00 a.m. · 2 views

Vesta Control Panel Cross-Site Scripting Vulnerability

Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version v1.0.0-5, which stems from a security issue in the handlefileupload function in UploadHandler.php...

6.1 CVSS · 6.2 AI score · 0.0023 EPSS
Exploits 1 · References 2

CNNVD
added 2022/07/19 12:00 a.m. · 2 views

Vesta Control Panel Cross-Site Scripting Vulnerability

Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version v1.0.0-5, which stems from a security issue in the body function of UploadHandler.php...

6.1 CVSS · 6.2 AI score · 0.0023 EPSS
Exploits 1 · References 2

OSV
added 2022/05/17 7:57 p.m. · 13 views

GHSA-WXG6-F773-G2F7 jQuery File Upload Plugin Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

9.8 CVSS · 9.8 AI score · 0.91552 EPSS
Exploits 2 · References 9

CNVD
added 2020/06/08 12:00 a.m. · 2 views

Raonwiz DEXT5 Editor Arbitrary File Download Vulnerability

Raonwiz DEXT5 Editor is an HTML-based Web editor from the Korean company Raonwiz. A security vulnerability exists in the handler/uploadhandler.jsp file in Raonwiz DEXT5 Editor 3.5.1402961 and earlier versions. An attacker can exploit this vulnerability to download arbitrary files with the help of...

7.5 CVSS · 6.9 AI score · 0.0029 EPSS
Exploits 1 · References 1