3 matches found
CVE-2024-12871
An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or...
PT-2023-27617 · Phpjabbers · Phpjabbers Make An Offer Widget
Name of the Vulnerable Software and Affected Versions: PHPJabbers Make an Offer Widget version 1.0. Description: There is a Cross-Site Scripting (XSS) issue in the action parameter of the "index.php" file. This allows for potential malicious script execution. Recommendations: For PHPJabbers Make an...
Monkey Http Daemon
After reading the PHP XSS "exploit" (I don't know if it qualifies as one) in phpinfo, I found out that on the default page of the Monkey Http Daemon, there is a Test of Supports section. Two links are included: http://whateverhost/php/index.php and http://whateverhost/cgi-bin/test.pl. index.php just...