
127 matches found

RedhatCVE
added 2025/09/06 11:25 a.m. · 12 views

CVE-2025-41061

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...

CVSS 5.4 · AI score 6.1 · EPSS 0.00162
Exploits 0 · References 1

OSV
added 2025/09/04 12:15 p.m. · 2 views

CVE-2025-41061

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...

CVSS 5.4 · AI score 5.7 · EPSS 0.00162
Exploits 0 · References 1

Snyk
added 2025/09/04 11:43 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper validation of user input in the dataAddonlayouts and dataAddonlayoutsexcept parameters within the /apprain/developer/addons/update/uploadify process. An attacker can execute arbitrary JavaScript cod...

CVSS 5.4 · AI score 5.5 · EPSS 0.00162
Exploits 0 · References 2

Vulnrichment
added 2025/09/04 11:15 a.m. · 3 views

CVE-2025-41061 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...

CVSS 5.1 · AI score 5.7 · EPSS 0.00162
Exploits 0 · References 1

Cvelist
added 2025/09/04 11:15 a.m. · 4 views

CVE-2025-41061 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/uploadify...

CVSS 5.1 · EPSS 0.00162
Exploits 0 · References 1

CVE
added 2025/09/04 11:15 a.m. · 16 views

CVE-2025-41061

appRain CMF 4.0.5 contains a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/uploadify endpoint, caused by insufficient validation of user input in data[Addon][layouts] and data[Addon][layouts_except]. Public descriptions from CNVD/CNNVD and SNYK corroborate that th...

CVSS 5.4 · AI score 5.7 · EPSS 0.00162
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/09/04 12:0 a.m. · 2 views

appRain CMF Cross-Site Scripting Vulnerability

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/uploadify endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

CVSS 5.4 · AI score 6.2 · EPSS 0.00162
Exploits 0 · References 1

Positive Technologies
added 2025/09/04 12:0 a.m. · 8 views

PT-2025-35932

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

CVSS 5.4 · AI score 5.3 · EPSS 0.00162
Exploits 0 · References 4

RedhatCVE
added 2025/08/10 6:14 p.m. · 16 views

CVE-2012-10052

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

CVSS 9.3 · AI score 8.2 · EPSS 0.01389
Exploits 0 · References 1

Vulnrichment
added 2025/08/08 6:10 p.m. · 5 views

CVE-2012-10052 EGallery 1.2 Arbitrary PHP File Upload

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

CVSS 9.3 · AI score 8.1 · EPSS 0.01389
Exploits 0 · References 5

Cvelist
added 2025/08/08 6:10 p.m. · 13 views

CVE-2012-10052 EGallery 1.2 Arbitrary PHP File Upload

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory...

CVSS 9.3 · EPSS 0.01389
Exploits 0 · References 5

CVE
added 2025/08/08 6:10 p.m. · 22 views

CVE-2012-10052

CVE-2012-10052 affects EGallery (version 1.2). The vulnerability is an unauthenticated arbitrary file upload in the uploadify.php script, where the app does not validate file types or require authentication, allowing remote attackers to upload PHP files into the web-accessible egallery/ directory...

CVSS 9.3 · AI score 7.8 · EPSS 0.01389
Exploits 0 · References 5

Positive Technologies
added 2025/08/08 12:0 a.m. · 7 views

PT-2025-32405 · Gallery · Gallery

Name of the Vulnerable Software and Affected Versions: EGallery version 1.2 Description: EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application does not validate file types or enforce authentication, allowing remote...

CVSS 9.3 · AI score 8.2 · EPSS 0.01389
Exploits 0 · References 7

ATTACKERKB
added 2025/08/05 8:6 p.m. · 4 views

CVE-2012-10027

WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party uploadify.php script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution...

CVSS 9.3 · AI score 6.2 · EPSS 0.01624
Exploits 0 · References 5

VulnCheck KEV
added 2024/03/07 12:0 a.m. · 7 views

VulnCheck KEV: CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

CVSS 9.8 · AI score 6.4 · EPSS 0.28478
Exploits 3 · References 1

OSV
added 2023/05/11 8:15 a.m. · 5 views

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVSS 9.8 · AI score 6.2 · EPSS 0.28478
Exploits 3 · References 3

Positive Technologies
added 2023/05/11 12:0 a.m. · 10 views

PT-2023-20671 · Unknown +1 · Weaver E-Office +1

Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: A critical issue has been found, affecting an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the Filedata argument leads to unrestricted upload. It is possible to...

CVSS 9.8 · AI score 7 · EPSS 0.28478
Exploits 3 · References 5

CNNVD
added 2023/05/11 12:0 a.m. · 18 views

Weaver E-Office Code Issue Vulnerability

Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A code issue vulnerability exists in Weaver E-Office version 9.5, which stems from a problem with the file /inc/jquery/uploadify/uploadify.php, where manipulation of the parameter Filedata can result in...

CVSS 9.8 · AI score 6.9 · EPSS 0.28478
Exploits 3 · References 4

CNVD
added 2020/08/11 12:0 a.m. · 0 views

File upload vulnerability in the Uploadify page of the TPshop open source mall management backend

TPshop open source mall is a shop system developed with the latest version of ThinkPHP. A file upload vulnerability exists in the Uploadify page of the TPshop open source mall management backend. Attackers can use this vulnerability to upload a webshell and gain server privileges...

AI score 7.1
Exploits 0

CNVD
added 2020/08/11 12:0 a.m. · 1 views

File upload vulnerability in the Uploadify page of the TPshop open source mall merchant management backend

TPshop open source mall is a shop system developed with the latest version of ThinkPHP. A file upload vulnerability exists in the Uploadify page of the TPshop open source mall merchant management backend. Attackers can use this vulnerability to upload a webshell and gain server privileges...

AI score 7.1
Exploits 0