18 matches found
CVE-2015-20116
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users'...
CVE-2026-20116
creationtimestamp | type | source
---|---|---
2026-03-11 16:37:38+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116211519204223592
2026-03-12 03:00:07+00:00 | seen | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh...
CVE-2024-20116
In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-1696...
CVE-2023-20116
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affect...
CVE-2022-20116
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12...
CVE-2025-20116
creationtimestamp | type | source
---|---|---
2025-02-26 16:24:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5523
2025-02-26 20:08:16+00:00 | seen | https://t.me/cvedetector/18943...
CVE-2025-20116
Cisco APIC’s web UI stores user-supplied input without proper validation, enabling an authenticated, remote attacker with valid admin credentials to perform a stored XSS on affected systems. The impact described includes execution of arbitrary script code in the web UI context and access to brows...
CVE-2025-20116 Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...
CVE-2023-20116
CVE-2023-20116 affects Cisco Unified Communications Manager (CUCM) and CVM Session Management Edition (Unified CM SME). The issue is an input-validation vulnerability in the Administrative XML Web Service (AXL) API’s Self Care Portal UI, where crafted HTTP input sent by an authenticated remote at...
CVE-2017-20116
creationtimestamp | type | source
---|---|---
2022-06-29 20:37:42+00:00 | seen | https://t.me/cibsecurity/45371...
CVE-2017-20116
CVE-2017-20116 affects TrueConf Server 4.3.7. Vulnerability in the /admin/group/list/ endpoint (parameter checked_group_id) allows remote, reflected XSS due to insufficient input sanitization. Exploitation publicly disclosed. In practice, upgrading to TrueConf Server 5.0.2+ (or applying vendor-pr...
CVE-2017-20116 TrueConf Server Reflected cross site scripting
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. T...
CVE-2022-20116
creationtimestamp | type | source
---|---|---
2022-05-11 00:39:19+00:00 | seen | https://t.me/cibsecurity/42303...
CVE-2022-20116
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12...
CVE-2022-20116
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12...
CVE-2022-20116
CVE-2022-20116 affects Android 12/12L, arising from onEntryUpdated in OngoingCallController.kt where an intent redirection allows launching non-exported activities. This enables local elevation of privilege with no user interaction required, given User execution privileges. The issue is documente...
CVE-2021-20116
TCExam is affected by a reflected XSS vulnerability (CVE-2021-20116) in versions up to 14.8.4, caused by improper validation of path parameters in tce_select_mediafile.php (f, d, and dir). An attacker can craft a malicious link that, when clicked by an administrator, may hijack the administrator’...
CVE-2010-20116
...