17 matches found
CVE-2025-23854
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yesstreamingdev Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com allows Stored XSS.This issue affects Shoutcast and...
CVE-2025-23854
CVE-2025-23854 : Stored XSS in YesStreaming.com Shoutcast and Icecast HTML5 Web Radio Player. Root cause: Improper neutralization of input during web page generation. Affected product: Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com (n/a through 3.3). Exploitation details are not...
CVE-2025-23854 WordPress Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yesstreamingdev Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com allows Stored XSS.This issue affects Shoutcast and...
CVE-2025-23854 WordPress Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yesstreamingdev Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com allows Stored XSS.This issue affects Shoutcast and...
CVE-2024-23854
Rejected reason: This CVE ID was unused by the CNA...
CVE-2023-23854
creationtimestamp| type| source ---|---|--- 2023-09-13 20:21:42+00:00| seen| https://t.me/cibsecurity/58052...
CVE-2023-23854
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...
CVE-2023-23854
CVE-2023-23854 affects SAP NetWeaver AS ABAP/ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752. The root cause is lack of proper authorization checks for an authenticated user, enabling escalation of privileges. Documents from multiple sources (Red Hat, NVD, CNNVD, Nessus plugin summa...
CVE-2022-23854
creationtimestamp| type| source ---|---|--- 2022-12-24 00:14:50+00:00| seen| https://t.me/cibsecurity/55269 2023-03-21 18:00:08+00:00| exploited| https://t.me/truesecator/4195...
CVE-2022-23854
CVE-2022-23854 affects AVEVA InTouch Access Anywhere Secure Gateway (2020 R2 and earlier). The vulnerability is a path traversal issue allowing an unauthenticated remote attacker with network access to read files outside the secure gateway web server (local file inclusion/vector). Affected produc...
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security Date: 11/11/2022 CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Vulnerability
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security Date: 11/11/2022 CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal Vulnerability
Title: ====== AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal Author: ======= Jens Regel, CRISEC IT-Security CVE: ==== CVE-2022-23854 Advisory: ========= https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal/ Timeline: ========= 25.06.2021...
CVE-2021-23854
CVE-2021-23854 affects Bosch IP cameras’ web interface due to an error in handling the page parameter, enabling a reflected XSS in versions 7.7x and 7.6x. The issue is limited to these versions; other versions are not affected. The CVSS/metrics show a medium to high impact depending on scenario; ...
CVE-2021-23854 Reflected XSS in page parameter
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected...