Download easysocial pro 2.0.179/12/2023

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.

Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin

Add Article" screen.

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.

Bolt before 3.6.10 has XSS via an image's alt or title field.

** DISPUTED ** An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired.

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

The image URL can be set in the header independently of the request URL, meaning any site images that have not previously been cached can have their cache poisoned. This problem has been fixed in version 1.2.3. As a workaround, cached content can be cleared by re-deploying the site.

Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin

` tags, as scripts do not execute in this context.

ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.