
136 matches found

CNNVD
added 2026/05/15 12:0 a.m., 5 views

BlueNoteMKVI PHP Timeclock Cross-Site Scripting Vulnerability

BlueNoteMKVI PHP Timeclock is an employee attendance and working hours recording system developed by BlueNoteMKVI company, based on PHP and MySQL. Version 1.04 of PHP Timeclock contains a cross-site scripting vulnerability. This vulnerability stems from multiple cross-site scripting issues,...

CVSS 6.1, AI score 5.8, EPSS 0.00095
Exploits: 0, References: 2

RedhatCVE
added 2026/03/08 1:44 a.m., 0 views

CVE-2026-25073

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

CVSS 5.4, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 1

RedhatCVE
added 2026/03/08 1:44 a.m., 3 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVSS 9.8, AI score 6.5, EPSS 0.00293
Exploits: 0, References: 1

EUVD
added 2026/03/07 3:30 a.m., 1 view

EUVD-2026-10095

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

CVSS 5.1, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 3

EUVD
added 2026/03/07 3:30 a.m., 2 views

EUVD-2026-10093

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

CVSS 8.7, AI score 5.8, EPSS 0.00089
Exploits: 0, References: 3

NVD
added 2026/03/07 1:15 a.m., 1 view

CVE-2026-25073

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

CVSS 5.4, EPSS 0.00013
Exploits: 0, References: 2

Vulnrichment
added 2026/03/07 12:20 a.m., 0 views

CVE-2026-25073 XikeStor SKS8310-8X Stored XSS via System Name

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

CVSS 5.1, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 2

Cvelist
added 2026/03/07 12:20 a.m., 28 views

CVE-2026-25073 XikeStor SKS8310-8X Stored XSS via System Name

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

CVSS 5.1, EPSS 0.00013
Exploits: 0, References: 2

CVE
added 2026/03/07 12:20 a.m., 5 views

CVE-2026-25073

Summary: CVE-2026-25073 affects XikeStor SKS8310-8X Network Switch firmware prior to 1.04.B07. A stored cross-site scripting vulnerability exists in the System Name field due to improper output encoding, allowing authenticated attackers to inject and execute scripts in a victim’s browser when the...

CVSS 5.4, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/07 12:20 a.m., 0 views

CVE-2026-25071 XikeStor SKS8310-8X switch_config.src Missing Authentication

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

CVSS 8.7, AI score 5.8, EPSS 0.00089
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/07 12:20 a.m., 1 view

CVE-2026-25071

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

CVSS 8.7, AI score 5.8, EPSS 0.00089
Exploits: 0, References: 3

Cvelist
added 2026/03/07 12:20 a.m., 19 views

CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

CVSS 9.3, EPSS 0.00293
Exploits: 0, References: 2

CNNVD
added 2026/03/07 12:0 a.m., 2 views

XikeStor SKS8310-8X Cross-Site Scripting Vulnerability

The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. XikeStor SKS8310-8X versions 1.04.B07 and earlier have a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting issue in the System Name field,...

CVSS 5.4, AI score 5.7, EPSS 0.00013
Exploits: 0, References: 3

CNNVD
added 2026/03/07 12:0 a.m., 2 views

XikeStor SKS8310-8X Security Feature Issue Vulnerability

The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. Versions of the XikeStor SKS8310-8X Network Switch prior to 1.04.B07 have a security feature vulnerability. This vulnerability stems from a predictable session identifier present in the /goform/SetLogin endpoint, whic...

CVSS 9.8, AI score 5.8, EPSS 0.00202
Exploits: 0, References: 3

CNNVD
added 2026/03/07 12:0 a.m., 2 views

XikeStor SKS8310-8X Access Control Error Vulnerability

The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. Versions of XikeStor SKS8310-8X prior to 1.04.B07 contain a security vulnerability related to access control. This vulnerability stems from the absence of authentication at the /switchconfig.src endpoint, which may...

CVSS 8.7, AI score 5.8, EPSS 0.00089
Exploits: 0, References: 3

Positive Technologies
added 2026/03/07 12:0 a.m., 0 views

PT-2026-23784

Name of the Vulnerable Software and Affected Versions: XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07. Description: The XikeStor SKS8310-8X Network Switch firmware contains a stored cross-site scripting issue. Authenticated attackers can inject arbitrary script content through the...

CVSS 5.4, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 9

Cvelist
added 2026/02/06 4:41 p.m., 26 views

CVE-2019-25303 TheJshen contentManagementSystem 1.04 - 'id' SQL Injection

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information...

CVSS 7.1, EPSS 0.00036
Exploits: 0, References: 3

CNNVD
added 2026/02/06 12:0 a.m., 2 views

Project 1 - Globitek CMS SQL Injection Vulnerability

Project 1 – Globitek CMS is a cybersecurity course developed by Jason Shen. Version 1.04 of Project 1 – Globitek CMS contains an SQL injection vulnerability. This vulnerability stems from the SQL injection present in the id GET parameter, which may allow attackers to extract or manipulate databas...

CVSS 7.1, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 3

RedhatCVE
added 2025/12/17 10:2 a.m., 1 view

CVE-2025-66162

Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spoter for Elementor: from n/a through = 1.04...

CVSS 5.4, AI score 7, EPSS 0.00034
Exploits: 0, References: 1

EUVD
added 2025/12/16 9:31 a.m., 3 views

EUVD-2025-203573

Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spoter for Elementor: from n/a through = 1.04...

CVSS 5.4, AI score 6.5, EPSS 0.00034
Exploits: 0, References: 2