CVEs (2)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Tad Uploader Project 1Tad Uploader Nov 21, 2024 Oct 8, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in. |
1Tad Uploader Project 1Tad Uploader Nov 21, 2024 Oct 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. |