Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications.
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment.
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated b
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such man
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Pe
A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Hand
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can uplo
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victi
Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a t
A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. T
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content,
Page 1+ Next →