13 matches found
CVE-2025-60450
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php component. This security flaw allows attackers to...
EUVD-2025-32299
Malicious code in bioql PyPI...
GHSA-64R3-582J-FRQM YUI Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary we...
ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component
There is functionality in the plugin to add file uploads to user registrations and profile updates that had no file type checking in place, making it possible for arbitrary files to be uploaded. PoC fh = open'shell.php', 'wb' fh.writeb'\xFF\xD8\xFF\xE0' + b'' fh.close 'Hax0r', 'regemail' =...
AContent 1.3 File Upload
CVE-2013-6780
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter...
CVE-2013-6780
CVE-2013-6780 is a cross-site scripting (XSS) vulnerability in Yahoo! YUI uploader.swf (Uploader component) affecting Yahoo! YUI versions 2.5.0 through 2.9.0. The flaw allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Public writeups reference the vul...
CVE-2013-4942
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitra...
CVE-2013-4941
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary we...
CVE-2013-4941
CVE-2013-4941 describes a Cross-site scripting (XSS) vulnerability in uploader.swf (Uploader component) of Yahoo! YUI 3.2.0–3.9.1, which is used in Moodle up to specific versions. The flaw allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. The affected s...
CVE-2013-4942
CVE-2013-4942 describes a cross-site scripting (XSS) vulnerability in flashuploader.swf, part of the Yahoo! YUI Uploader component (versions 3.5.0 through 3.9.1) that is used in Moodle up to various 2.x releases. The flaw allows remote attackers to inject arbitrary web script or HTML via a crafte...