5 matches found
Design/Logic Flaw
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...
CVE-2023-3722 Avaya Aura Device Services Remote Code Execution
An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier...
ZOHO ManageEngine Log360 代码问题漏洞
ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.An input...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file...
CVE-2013-7032
Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...