IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking,...

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.