Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME
Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS.This issue affect
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in t
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security header
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ravi Kumar Vanukuru RSV PDF Preview rsv-pdf-preview allows Stored XSS.This issue affects RSV PDF P
The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output e
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Brahma Multifox allows Stored XSS.This issue affects Multifox: from n/a through 1.3.7.
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content.
Since SVG files can contain embedded JavaScript, an
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartredfox Pretty file links pretty-file-links allows Stored XSS.This issue affects Pretty file l
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jasonpancake Hover Video Preview hover-video-preview allows Stored XSS.This issue affects Hover Vi
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery smart-grid-gallery allows Stored XSS.This iss
A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content previ
A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated b
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior t
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a throug
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS.This issue affects Tumult Hype Anima
Page 1+ Next →