15 matches found
Xinuo Openserver 5/6 - Cross-Site scripting
Xinuo (formerly SCO) Openserver versions 5 and 6 allow remote attackers to inject arbitrary web script or HTML tags via the 'section' parameter (reflected cross-site scripting).
id: CVE-2020-25495
info:
  name: Xinuo Openserver 5/6 - Cross-Site scripting
  author: 0xAkoko
  severity:...
PT-2026-24686
Craft is a content management system (CMS). The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability, including criteriaorderBy (the original advisory vector), works on th...
CVE-2019-25495
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviewsid parameter. Attackers can send GET requests to productreviewswrite.php with malicious reviewsid values using boolean-based SQL...
CVE-2026-25495
creationtimestamp | type | source
---|---|---
2026-02-09 18:02:59+00:00 | published-proof-of-concept | https://github.com/craftcms/cms/security/advisories/GHSA-2453-mppf-46cj
2026-02-09 23:40:05+00:00 | seen | https://gist.github.com/alon710/05c03b478ac40a36955b23403707c5ec...
Security Bulletin: Multiple Vulnerabilities in XCC affect IBM Cloud Pak System
Summary
Multiple Vulnerabilities in XClarity Controller (XCC) affect IBM Cloud Pak System. XCC is used by Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities.
Vulnerability Details
CVEID: CVE-2023-4607
DESCRIPTION: Lenovo XClarity Controller (XCC) could allow a remote...
CVE-2023-25495
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...
CVE-2023-25495
Summary: CVE-2023-25495 affects Lenovo XClarity Controller (XCC). A valid, authenticated administrative user can query the web interface API to reveal the LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP clie...
CVE-2022-25495
CVE-2022-25495 affects CuppaCMS v1.0, where the vulnerable component is /jquery_file_upload/server/php/index.php. An attacker can upload arbitrary files via a crafted PHP file and achieve remote code execution. The vulnerability is described across multiple feeds (NVD entry, CNVD/CNNVD summaries,...
CVE-2021-25495
creationtimestamp | type | source
---|---|---
2021-10-06 22:32:19+00:00 | seen | https://t.me/cibsecurity/30087...
CVE-2021-25495
A possible heap buffer overflow vulnerability in the libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution...
CVE-2021-25495
CVE-2021-25495 affects Samsung Notes’ libSPenBase. The issue is a heap buffer overflow caused by insufficient bounds checking in libSPenBase, allowing arbitrary code execution. Affected are Samsung Notes versions prior to 4.3.02.61. Some sources indicate the issue could be exploited by a remote a...
SCO Openserver 5.0.7 - 'section' Reflected XSS
Exploit Title: SCO Openserver 5.0.7 - 'section' Reflected XSS
Google Dork: inurl:/cgi-bin/manlist?section
Discovered Date: 14/06/2020
Author: Ramikan
Vendor Homepage: https://www.xinuos.com/products
Software Link: https://www.sco.com/products/openserver507/-overview
Affected Version: Tested on...
CVE-2020-25495
Xinuo (formerly SCO) Openserver v5/v6 is affected by a reflected XSS in the web interface, exploitable via the 'section' parameter due to inadequate input validation. Impact: arbitrary script execution and potential data leakage for users who load the affected pages. Remediation: apply the latest...