OpenCVE

Filtered by vendor Picuploader Project Subscriptions

Filtered by product Picuploader Subscriptions

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-41442	1 Picuploader Project	1 Picuploader	2024-11-21	6.1 Medium
PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php.
CVE-2022-36748	1 Picuploader Project	1 Picuploader	2024-11-21	6.1 Medium
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php.
CVE-2024-44796	2 Picuploader Project, Xiebruce	2 Picuploader, Picuploader	2024-09-06	8 High
A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter.

Page 1 of 1.