Element-It: Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-03-03
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-01-13
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-07-14
A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-07-14
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-07-14
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
CVSS Score
6.8
EPSS Score
0.034
Published
2010-04-27