Filtered by vendor Liquidfiles
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4393 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 5.4 Medium |
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | ||||
CVE-2021-43397 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 8.8 High |
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. | ||||
CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 5.4 Medium |
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | ||||
CVE-2020-29072 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 6.1 Medium |
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js. | ||||
CVE-2020-29071 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 9.0 Critical |
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user. |
Page 1 of 1.