5 matches found
PT-2024-39600 · WordPress · WP Blocks Hub
Name of the Vulnerable Software and Affected Versions: WP Blocks Hub plugin for WordPress versions up to, and including, 1.0.2 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticate...
PT-2022-18244 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost version 4.39.0 Description: The issue concerns an arbitrary file upload vulnerability in the file upload module, potentially allowing attackers to execute arbitrary code via a crafted SVG file. However, the vendor states that uploading...
PT-2021-22497 · SuiteCRM · SuiteCRM
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.19 Description: The issue allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files, bypassing the clean file output protection mechanism. This enables the execution of arbitrary code,...
CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads...
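The four entries above share one root cause: an SVG is an XML document, so an "image" upload can carry `<script>`, event-handler attributes, or `javascript:` links, and it executes in the site's origin when the file is later served or embedded inline. The following is an added example (not code from WP Blocks Hub, Ghost, SuiteCRM, Elementor or their vendors) of the kind of upload-side check those advisories say was missing. The element and scheme lists, the function names and the two sample files are assumptions constructed for the demo; it uses the standard-library parser, which does not fetch external entities but does expand internal ones, so a production check should additionally cap input size or use `defusedxml`.

```python
import re
import xml.etree.ElementTree as ET

# Added example, not code from any of the listed projects. Lists are assumptions
# chosen for the demo, not a complete allow-list of safe SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed"}
ANIMATION_ELEMENTS = {"set", "animate"}  # can rewrite href to javascript: at runtime
SAFE_HREF_SCHEMES = {"http", "https"}


def _local(name: str) -> str:
    """ElementTree spells namespaced names as '{uri}local'; keep the local part."""
    return name.rsplit("}", 1)[-1].lower()


def _scheme(value: str) -> str:
    """Scheme of a URL after stripping whitespace/control characters, so
    'java&#10;script:' (a newline inside the scheme) is still seen as javascript."""
    cleaned = re.sub(r"[\s\x00-\x1f]", "", value).lower()
    return cleaned.split(":", 1)[0] if ":" in cleaned else ""


def find_svg_hazards(svg_bytes: bytes) -> list:
    """Return (reason, where) findings for an uploaded SVG; empty list means nothing flagged."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [("not well-formed XML", str(exc))]
    if _local(root.tag) != "svg":
        findings.append(("root element is not <svg>", root.tag))
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(("active element", tag))
        if tag == "style" and el.text and (
            "javascript:" in el.text.lower() or "expression(" in el.text.lower()
        ):
            findings.append(("script in stylesheet", tag))
        for attr, value in el.attrib.items():
            a = _local(attr)  # xlink:href and plain href both become "href"
            if a.startswith("on"):
                findings.append(("event handler attribute", f"{tag}@{a}"))
            elif a == "href" and _scheme(value) and _scheme(value) not in SAFE_HREF_SCHEMES:
                findings.append(("href with dangerous scheme", f"{tag}@{a}={_scheme(value)}:"))
            elif tag in ANIMATION_ELEMENTS and a in {"to", "from", "values"} \
                    and _scheme(value) and _scheme(value) not in SAFE_HREF_SCHEMES:
                findings.append(("animated attribute with dangerous scheme", f"{tag}@{a}"))
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """Upload policy: reject on any finding rather than trying to strip pieces out."""
    return find_svg_hazards(svg_bytes) == []


# Constructed sample files (not taken from any advisory).
CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
  <rect x="10" y="10" width="80" height="80" fill="#3a7" />
  <a href="https://example.org/"><text x="20" y="55">ok</text></a>
</svg>"""

MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>alert(1)</script>
  <a xlink:href="java&#10;script:alert(2)"><text x="10" y="20">click</text></a>
</svg>"""

if __name__ == "__main__":
    for name, data in (("clean", CLEAN_SVG), ("malicious", MALICIOUS_SVG)):
        print(name, is_safe_svg(data), find_svg_hazards(data))
```

Rejecting is the right default for user uploads: a sanitiser that edits the file has to reason about every element and CSS feature a renderer supports, and the newline-in-scheme sample shows how thin a plain string match is. Whatever passes should still be served with `Content-Disposition: attachment` or from a separate, cookieless origin, and escaped on output when embedded in a page, since the advisories above list output escaping as the second missing control.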
Month Of Abysssec Undisclosed Bugs - Sirang D-Control
... txt10 = "select * from " + cstrtblname + " where del='false' and id='" + id + "'" set xx = conn.execute(txt10) if not xx.eof then ... lots of files that will have to do input validation on user input are...
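The snippet above builds a query by concatenating the request's `id` straight into the SQL text, so a value containing a single quote closes the literal and rewrites the WHERE clause, including the `del='false'` filter that was meant to hide deleted rows. The following is an added example, not the Sirang D-Control code: it reproduces that pattern in Python with sqlite3 (the original is ASP/VBScript over an ADO connection) next to a parameterised version. The table layout, the `ALLOWED_TABLES` set and the payload are assumptions constructed for the demo.

```python
import sqlite3

# Added example, not the advisory's code. Table name and rows are constructed.
ALLOWED_TABLES = {"records"}  # assumption: the table name comes from a fixed set


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table: one live row and one soft-deleted row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records (id TEXT PRIMARY KEY, del TEXT NOT NULL, body TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO records VALUES (?, ?, ?)",
        [("100", "false", "live record"), ("101", "true", "soft-deleted record")],
    )
    return conn


def lookup_vulnerable(conn, table, id_value):
    """The snippet's pattern: id is glued into the SQL string without escaping."""
    sql = "select * from " + table + " where del='false' and id='" + id_value + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, table, id_value):
    """Bind the id as a parameter; allow-list the table name, since identifiers cannot be bound."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unknown table {table!r}")
    sql = f"select * from {table} where del='false' and id=?"
    return conn.execute(sql, (id_value,)).fetchall()


# Closes the quoted literal, then appends a tautology. The resulting WHERE clause is
#   del='false' and id='101' or '1'='1'
# and AND binds tighter than OR, so the del filter no longer applies to any row.
PAYLOAD = "101' or '1'='1"

if __name__ == "__main__":
    conn = demo_db()
    print(lookup_vulnerable(conn, "records", PAYLOAD))     # both rows, deleted one included
    print(lookup_parameterized(conn, "records", PAYLOAD))  # []
```

With the bound parameter the whole payload is compared as one literal id and matches nothing; the table name is handled separately because drivers cannot bind identifiers, which is why the snippet's `cstrtblname` would also need an allow-list rather than concatenation.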