21 matches found
CVE-2019-25296
creationtimestamp| type| source ---|---|--- 2026-01-08 05:59:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbvcirf6qd2e 2026-01-08 07:53:24+00:00| seen| https://gist.github.com/Darkcrai86/6ab032bb98f919b2a70d52831bdf7208 2026-01-08 21:03:10+00:00| seen|...
Exploit for Cross-site Scripting in Humansignal Label_Studio
CVE-2025-25296 Proof of Concept POC Description This pr...
CVE-2025-25296
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...
CVE-2025-25296
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...
CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...
CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...
CVE-2025-25296
CVE-2025-25296 affects Label Studio versions prior to 1.16.0. The vulnerability is in the GET-based /projects/upload-example endpoint, where a crafted label_config permits injecting and rendering HTML without proper sanitization, enabling Cross-Site Scripting (XSS) . The CSP is in report-only mod...
Nagios XI 5.7.5 Remote Code Execution Exploit
This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apach...
Nagios XI 5.7.5 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2022-25296 via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator =1.0.0, =1.70.60-stable Source cves: CVE-2022-25296 Source advisory: OSV:GHSA-VHXC-FHM5-QCP9...
CVE-2022-25296
creationtimestamp| type| source ---|---|--- 2022-03-17 15:21:39+00:00| seen| https://t.me/cibsecurity/39138...
CVE-2022-25296
The CVE-2022-25296 entry concerns the npm package bodymen. Multiple trusted sources (GHSA and OSV entries) describe a Prototype Pollution flaw in bodymen, where the handler can be tricked into adding or modifying properties on Object.prototype via a proto payload. The vulnerability is tied to an ...
VulnCheck KEV: CVE-2021-25296
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-25296
creationtimestamp| type| source ---|---|--- 2021-02-15 16:46:41+00:00| seen| https://t.me/cibsecurity/23591 2021-04-27 13:43:41+00:00| seen| MISP/5aa0b3ce-e9c4-4a1d-b95b-4e232c7929fc 2023-02-07 21:54:12+00:00| seen|...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
CVE-2021-25296
CVE-2021-25296 (Nagios XI 5.7.5) is an OS command injection in authenticated context via WindowsWMI wizard (windowswmi.inc.php); CVE-2021-25297 via Switch wizard (switch.inc.php); CVE-2021-25298 via Cloud‑VM wizard (cloud-vm.inc.php). All involve improper sanitization of authenticated user input ...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...