2 matches found
CVE-2022-41442
PicUploader v2.6.3 is affected by a cross-site scripting (XSS) vulnerability in the setStorageParams function of SettingController.php. The CVE-2022-41442 entry identifies an XSS issue with a MEDIUM base score (6.1, CVSS 3.1) and a user interaction requirement, indicating exploitation would invol...
CVE-2022-36748
CVE-2022-36748 affects PicUploader v2.6.3, with a Cross-Site Scripting (XSS) vulnerability exposed through the /master/index.php component. The NVD entry documents the vulnerability as an XSS with a network attack vector, requiring user interaction, and reports low impact on confidentiality and i...