15 matches found
EUVD-2023-55974
Malicious code in bioql PyPI...
EUVD-2022-2187
Malicious code in bioql PyPI...
EUVD-2023-1080
Malicious code in bioql PyPI...
EUVD-2023-55709
Malicious code in bioql PyPI...
PT-2025-28636 · Mediawiki · Msupload Extension +1
Name of the Vulnerable Software and Affected Versions: MediaWiki - MsUpload extension versions 1.39.X through 1.39.12 MediaWiki - MsUpload extension versions 1.42.X through 1.42.6 MediaWiki - MsUpload extension versions 1.43.X through 1.43.1 Description: The MsUpload extension for MediaWiki is...
CVE-2025-48494 Gokapi vulnerable to stored XSS via uploading file with malicious file name
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...
CVE-2024-50859
The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...
CVE-2025-24018
YesWiki 4.4.5 and earlier are vulnerable to an authenticated stored XSS via the attach component. The root cause is unsafe handling of non-existent filenames in the attach.lib.php showFileNotExits() path, which can emit a file upload button containing the filename and allow script injection when ...
CVE-2025-22132
CVE-2025-22132 affects the WeGIA web manager for charitable institutions. The vulnerability is a Cross-Site Scripting (XSS) in the file upload functionality at the endpoint WeGIA/html/socio/sistema/controller/controla_xlsx.php . An attacker can upload a file containing malicious JavaScript, causi...
CVE-2024-4269 SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload
The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2021-25975
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
CVE-2021-24642 Scroll Baner <= 1.0 - CSRF to RCE
The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE via a file upload as well as XSS...
Unrestricted file upload
Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload...
MGASA-2014-0483 Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...
SpagoBI 4.0 - Arbitrary XSS File Upload
Exploit for php platform in category web applications Introduction SpagoBI1 is an Open Source Business Intelligence suite, belonging to the free/open source SpagoWorld initiative, founded and supported by Engineering Group2. It offers a large range of analytical functions, a highly functional...