CVE-2026-3369
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-3369 Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2021-41609
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...
EUVD-2022-6086
Malicious code in bioql PyPI...
CVE-2017-8892
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...
CVE-2023-6562
JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially crafted image that is displayed back to the attacker...
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version...
Cross site scripting in intelliants/subrion
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute...
Cross site scripting
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute...
CVE-2021-41608
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1...
ClassApps SelectSurvey.NET Security Vulnerability
ClassApps SelectSurvey.Net is a survey software from ClassApps USA built using Microsoft's cutting-edge . A security vulnerability in the UploadedImageDisplay.aspx endpoint of ClassApps SelectSurvey.NET before 5.052.000 allows remote, unauthenticated attackers to retrieve survey user-submitted da...
ClassApps SelectSurvey.NET SQL Injection Vulnerability
Net is a survey software from ClassApps, Inc. built using Microsoft's cutting-edge . A SQL injection vulnerability exists in the ID parameter of the UploadedImageDisplay.aspx endpoint, which can be exploited by an unauthenticated attacker to retrieve data from the application's back-end database...
Cross-site Scripting (XSS) - Stored in apostrophecms/apostrophe
✍️ Description: An attacker could upload a specially crafted SVG image containing malicious scripting code. When following a link to this image, the code would be executed. 🕵️ Proof of Concept: // PoC.js var payload = ... Link POC using Demo --...
Cross site scripting
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file...
Subsonic Cross-Site Scripting Vulnerability
Subsonic is a media streaming server that allows users to save music or collect videos on the server. Subsonic suffers from a cross-site scripting vulnerability. A remote attacker could use this vulnerability to persistently inject arbitrary web script or HTML via the name of an uploaded image...