25 matches found
CVE-2025-10091

creationtimestamp | type | source
---|---|---
2025-09-08 15:40:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lydk3goci52s...

CVE-2025-10091 Jinher OA XML Type xml external entity reference
A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possibl...
CVE-2020-10091
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types...
CVE-2015-10091
A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely...
CVE-2024-10091

creationtimestamp | type | source
---|---|---
2024-10-26 05:37:51+00:00 | seen | https://t.me/cvedetector/9012...

CVE-2024-10091 ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2015-10091

creationtimestamp | type | source
---|---|---
2023-03-06 07:12:30+00:00 | seen | https://t.me/cibsecurity/59448...

CVE-2015-10091
Affected product: ByWater Solutions bywater-koha-xslt. Vulnerable component: StringSearch function in admin/systempreferences.pl. Root cause: input of the name parameter enables SQL injection. Impact: remote attack possible; no specific versions are detailed in the sources. Known remediation: pat...
SUSE CVE-2016-10091
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function...
CVE-2019-10091

creationtimestamp | type | source
---|---|---
2020-03-16 17:46:02+00:00 | seen | https://t.me/cibsecurity/10516...

CVE-2019-10091
CVE-2019-10091 affects Apache Geode. When TLS is enabled and ssl-endpoint-identification-enabled is true, Geode may fail to verify hostnames in the certificate SAN during the SSL handshake, enabling potential man-in-the-middle scenarios and compromising intra-cluster communications. The issue is ...
CVE-2020-10091
Removed by vendor...
CVE-2020-10091
GitLab 9.3–12.8.1 is affected by a cross-site scripting (XSS) vulnerability in the web UI, arising from improper validation of client-side data when viewing certain file types. Impact could include execution of client-side code in the context of a user’s session. Remediation: upgrade to GitLab 12...
CVE-2018-10091
CVE-2018-10091 affects AudioCodes IP phone 420HD devices running firmware 2.2.12.126. The vulnerability is a stored XSS in the CGI interface (mainform.cgi), caused by insufficient input sanitization on user-controllable fields (e.g., Name, Office, Home, Mobile) on the Directory page. Evidence fro...
Fedora Update for unrtf FEDORA-2018-9dd3f7c013
The remote host is missing an update for the...
AudioCode 400HD Cross Site scripting
CVE-2018-10091 Stored XSS vulnerabilities in AudioCode IP phones Description The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. Most of user inputs in the CG...
AudioCode 400HD Cross Site scripting Vulnerability
Exploit for cgi platform in category web applications CVE-2018-10091 Stored XSS vulnerabilities in AudioCode IP phones Description The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and...
CVE-2017-10091
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...