
36 matches found

CVE
added 2024/05/01 12:0 a.m. | 45 views

CVE-2024-33300

CVE-2024-33300 affects Typora (versions 1.0.0 through 1.7). The issue is a cross-site scripting (XSS) vulnerability that attackers can exploit by uploading Markdown files to execute arbitrary code. The connected Red Hat, NVD, CNNVD and other sources corroborate Typora as the affected software and...

CVSS 7.3 | AI score 6.4 | EPSS 0.00178
Exploits 1 | References 1 | Affected Software 1
NVD
added 2023/05/03 9:15 p.m. | 11 views

CVE-2023-30205

A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

CVSS 4.8 | AI score 5 | EPSS 0.00243
Exploits 0 | References 1
Prion
added 2023/05/03 9:15 p.m. | 12 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the uniqueid parameter in /admin/article.php...

CVSS 4.3 | AI score 4.9 | EPSS 0.00243
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/01/12 12:0 a.m. | 15 views

CVE-2022-46438

A cross-site scripting XSS vulnerability in the /admin/articlecategory.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter...

AI score 5.5 | EPSS 0.00213
Exploits 1 | References 1
CVE
added 2022/01/10 3:26 p.m. | 60 views

CVE-2022-22115

The CVE-2022-22115 entry concerns Teedy (open-source document management). The vulnerability is a Stored XSS flaw in the name of a created Tag, caused by improper sanitization on the Edit Tag page. A low-privileged attacker can store malicious scripts in a Tag name, with potential impact to a hig...

CVSS 9 | AI score 8 | EPSS 0.00373
Exploits 1 | References 2 | Affected Software 1
IBM Security Bulletins
added 2021/12/01 3:5 p.m. | 21 views

Security Bulletin: Apache Wink as used by IBM Disconnected Log Collector is vulnerable to an XML External Entity Error (XXE) (CVE-2010-2245)

Summary Apache Wink as used by IBM Disconnected Log Collector is vulnerable to an XML External Entity Error XXE Vulnerability Details CVEID: CVE-2010-2245 DESCRIPTION: Apache Wink could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when...

CVSS 7.4 | AI score 7.8 | EPSS 0.00314
Exploits 0 | Affected Software 1
Cvelist
added 2021/10/18 1:45 p.m. | 12 views

CVE-2021-24615 Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks...

AI score 5.6 | EPSS 0.00099
Exploits 1 | References 1
Cvelist
added 2021/04/28 1:22 p.m. | 12 views

CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "userphone" parameter of a crafted HTTP request to the "admin.php" component...

AI score 9.9 | EPSS 0.10359
Exploits 1 | References 1
Prion
added 2021/01/11 4:15 p.m. | 9 views

Race condition

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows...

CVSS 4.4 | AI score 7 | EPSS 0.00068
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/01/11 3:33 p.m. | 12 views

CVE-2020-17534

There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in webkit subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows...

AI score 7 | EPSS 0.00068
Exploits 0 | References 1
WPVulnDB
added 2020/06/28 12:0 a.m. | 21 views

Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection

Unauthenticated Reflected XSS and SQL Injection vulnerabilities were discovered in the «Nexos - Real Estate WordPress Theme», tested version — v1.7. June 17th, 2020 - Confirmed & Escalated to Envato. June 19th, 2020 - v1.8 released. Fixing the issues. PoC PoC Unauthenticated Reflected XSS:...

CVSS 5 | AI score 0.3 | EPSS 0.14172
Exploits 7 | References 1 | Affected Software 1
Microsoft KB
added 2020/04/09 11:14 a.m. | 61 views

Description of Update 1 for Microsoft Advanced Threat Analytics v1.7

Describes the features and functionality of Update 1 for Microsoft Advanced Threat Analytics ATA v1.7. This article describes an update for Microsoft Advanced Threat Analytics ATA v1.7. DO NOT run the command in this article on the versions that are later than v1.7, as this damages the system. Also...

AI score 6.7
Exploits 0
NVD
added 2019/05/22 8:29 p.m. | 7 views

CVE-2019-6812

A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol...

CVSS 7.2 | AI score 6.9 | EPSS 0.00311
Exploits 0 | References 2
Prion
added 2019/03/11 1:29 a.m. | 12 views

Code injection

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

CVSS 6.8 | AI score 8.9 | EPSS 0.00145
Exploits 1 | References 1 | Affected Software 1
NVD
added 2019/03/11 1:29 a.m. | 12 views

CVE-2019-9651

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...

CVSS 9.8 | AI score 9.7 | EPSS 0.01201
Exploits 1 | References 1
Prion
added 2019/03/11 1:29 a.m. | 16 views

Code injection

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...

CVSS 7.5 | AI score 9.6 | EPSS 0.01201
Exploits 1 | References 1 | Affected Software 1
CVE
added 2019/03/11 1:0 a.m. | 38 views

CVE-2019-9651

CVE-2019-9651 pertains to SDCMS v1.7, where the check_bad() filtering in the file \app\admin\controller\themecontroller.php is insufficiently strict. This allows PHP code execution because dangerous functions (e.g., eval) are blocked while others (e.g., system) are not, and because blocking ".php...

CVSS 9.8 | AI score 9.6 | EPSS 0.01201
Exploits 1 | References 1 | Affected Software 1
CVE
added 2019/03/11 1:0 a.m. | 35 views

CVE-2019-9652

SDCMS V1.7 contains a CSRF leading to PHP code injection via an m=admin&c=theme&a=edit request. The vulnerable component is the file handling (filename via the file parameter and content via t2), enabling remote code execution within the CMS. Concrete details across sources confirm the attack vec...

CVSS 8.8 | AI score 8.9 | EPSS 0.00145
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2019/03/11 1:0 a.m. | 11 views

CVE-2019-9651

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...

AI score 9.7 | EPSS 0.01201
Exploits 1 | References 1
Cvelist
added 2019/03/11 1:0 a.m. | 13 views

CVE-2019-9652

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

AI score 9 | EPSS 0.00145
Exploits 1 | References 1