CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12.
Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed