Vulmon
avatar vulnerabilities and exploits
NA
CVE-2008-6518
Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.
Vidiscript Vidiscript -
1 EDB exploit
NA
CVE-2003-1400
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 up to and including 6.0 allows remote malicious users to inject arbitrary web script or HTML via the user_avatar parameter.
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 5.4
Francisco Burzi Php-nuke 5.5
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
1 EDB exploit
4.3
CVSSv3
CVE-2021-1467
A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote malicious user to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to t...
Cisco Webex Meetings
5.4
CVSSv3
CVE-2023-52118
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS. This issue affects WP User Profile Avatar: from n/a up to and including 1.0.
Wp-eventmanager Wp Event Manager
4.3
CVSSv3
CVE-2022-0442
The UsersWP WordPress plugin prior to 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar.
Ayecode Userswp
NA
CVE-2006-2282
Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.
X7 Group X7 Chat 2.0.2
NA
CVE-2005-0259
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the tar...
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.11
Phpbb Group Phpbb 2.0.2
Phpbb Group Phpbb 2.0.3
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0 Rc4
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0.7a
Phpbb Group Phpbb 2.0.8
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0 Rc1
7.8
CVSSv3
CVE-2020-11807
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ pat...
Sourcefabric Newscoop 4.4.7
5.4
CVSSv3
CVE-2021-37330
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains JavaScript. Now if another user/admin views the profile and clicks to view his avatar,...
Bookingcore Booking Core 2.0
6.5
CVSSv3
CVE-2009-4449
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibl...
Mybboard Mybb 1.4.10