Lucene search
+L

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-55974

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00297EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2187

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00578EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1080

Malicious code in bioql PyPI...

6.5CVSS6AI score0.01162EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-55709

Malicious code in bioql PyPI...

9CVSS8.9AI score0.01286EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.9 views

PT-2025-28636 · Mediawiki · Msupload Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki - MsUpload extension versions 1.39.X through 1.39.12 MediaWiki - MsUpload extension versions 1.42.X through 1.42.6 MediaWiki - MsUpload extension versions 1.43.X through 1.43.1 Description: The MsUpload extension for MediaWiki is...

5.4CVSS5.4AI score0.0017EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/02 11:3 a.m.21 views

CVE-2025-48494 Gokapi vulnerable to stored XSS via uploading file with malicious file name

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...

4.8CVSS0.0014EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:4 a.m.7 views

CVE-2024-50859

The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...

4.8CVSS6.8AI score0.00847EPSS
Exploits3References1
CVE
CVE
added 2025/01/21 5:2 p.m.60 views

CVE-2025-24018

YesWiki 4.4.5 and earlier are vulnerable to an authenticated stored XSS via the attach component. The root cause is unsafe handling of non-existent filenames in the attach.lib.php showFileNotExits() path, which can emit a file upload button containing the filename and allow script injection when ...

7.6CVSS5.8AI score0.00392EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/01/07 10:4 p.m.65 views

CVE-2025-22132

CVE-2025-22132 affects the WeGIA web manager for charitable institutions. The vulnerability is a Cross-Site Scripting (XSS) in the file upload functionality at the endpoint WeGIA/html/socio/sistema/controller/controla_xlsx.php . An attacker can upload a file containing malicious JavaScript, causi...

8.3CVSS7.3AI score0.0042EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.22 views

CVE-2024-4269 SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload

The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...

0.00417EPSS
Exploits1References1
OSV
OSV
added 2021/11/10 11:15 a.m.19 views

CVE-2021-25975

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...

5.4CVSS5.1AI score0.00578EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/18 1:45 p.m.15 views

CVE-2021-24642 Scroll Baner <= 1.0 - CSRF to RCE

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE via a file upload as well as XSS...

6.4AI score0.00553EPSS
Exploits2References1
Prion
Prion
added 2019/11/22 7:15 p.m.17 views

Unrestricted file upload

Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload...

6CVSS7.7AI score0.06706EPSS
Exploits6References3Affected Software1
OSV
OSV
added 2014/11/22 10:54 a.m.68 views

MGASA-2014-0483 Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...

7.5CVSS5.9AI score0.02427EPSS
Exploits0References18
0day.today
0day.today
added 2014/03/04 12:0 a.m.70 views

SpagoBI 4.0 - Arbitrary XSS File Upload

Exploit for php platform in category web applications Introduction SpagoBI1 is an Open Source Business Intelligence suite, belonging to the free/open source SpagoWorld initiative, founded and supported by Engineering Group2. It offers a large range of analytical functions, a highly functional...

0.2AI score0.06706EPSS
Exploits6
Rows per page
Query Builder