5 matches found
File Upload Validation Bypass
Django is vulnerable to File Upload Validation Bypass. The vulnerability exists due to the FileInput class in widgets.py because uploading multiple files using one form field has never been officially supported by forms.FileField or forms.ImageField as only the last uploaded file was validated,...
GHSA-5PQF-RVM7-3WGW collective.contact.widget is vulnerable to cross-site scripting
collective.contact.widget is an add-on that is part of the collective.contact. suite. A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads ...
CVE-2022-4638
A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the...
CVE-2022-4638 collective.contact.widget widgets.py title cross site scripting
A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the...
Cross-site Scripting (XSS)
mayan-edms is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of node.label in the jstreedata function of mayan/apps/cabinets/widgets.py, causing XSS attacks...