Filtered by vendor Liquidfiles
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | |||||
| CVE-2020-29072 | 1 Liquidfiles | 1 Liquidfiles | 2020-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js. | |||||