EUVD-2022-7661

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

vova07/yii2-fileapi-widget is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious JavaScript via the vulnerable run function in UploadAction.php...

CVE-2017-20158

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The...

Cross site scripting

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The...

PT-2022-8023 · Unknown · Vova07 Yii2 Fileapi Widget

Name of the Vulnerable Software and Affected Versions: vova07 Yii2 FileAPI Widget versions up to 0.1.8 Description: A vulnerability was found in the vova07 Yii2 FileAPI Widget, which has been declared as problematic. The issue affects the run function of the file actions/UploadAction.php. The...