CVE-2024-30248

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-79
View all →

Vulnerability Description

Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin page. This vulnerability was patched in version 1.3.2.

Related Vulnerabilities

CVE-2022-0506

HIGH
CVSS:7.7(High)

Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

CWE-792022

CVE-2017-18831

HIGH
CVSS:7.8(High)

Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F be...

CWE-792017

CVE-2018-11449

HIGH
CVSS:7.8(High)

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires ...

CWE-792018

CVE-2020-25399

HIGH
CVSS:7.8(High)

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.

CWE-792020

CVE-2021-33025

HIGH
CVSS:7.8(High)

xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.

CWE-792021

CVE-2021-35227

HIGH
CVSS:7.8(High)

The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.

CWE-792021