9 matches found
CVE-2026-3749
A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload, create, and rename features for files with HTML and SVG types, due to insufficient content-type validation and lack of output sanitization. An attacker can execute arbitrary scripts in the contex...
Linux Distros Unpatched Vulnerability : CVE-2018-19882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.14.0, the svgrunimage function in svg/svg-run.c allows remote attackers to cause a denial of service hrefatt NULL pointer dereference and...
OpenCart 安全漏洞
OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.1.0.4, which stems from an unvalidated SVG file that could lead to stored...
CVE-2024-6896
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2023-9698 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.10 Nextcloud Server versions prior to 28.0.6 Nextcloud Server versions prior to 29.0.1 Nextcloud Enterprise Server versions prior to 24.0.12.15 Nextcloud Enterprise Server versions prior to 25.0.13.10...
CVE-2022-31447
An XML external entity XXE injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
PYSEC-2020-241
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...
CVE-2004-1244
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large 1 width or 2 height values, aka the "PNG Processing Vulnerability."...