94 matches found
Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the key and redirect parameters in login.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2709 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scriptin...
AlmaLinux 9 : golang (ALSA-2026:2709)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2709 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728) golang: net/url: Memory exhaustion in query...
CVE-2019-2709
Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis...
CVE-2023-2709
The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2020-2709
Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human...
CVE-2013-2709
Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2004-2709
Buffer overflow in the striphtmltags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags...
CVE-2025-2709
creationtimestamp| type| source
---|---|---
2025-03-24 20:23:46+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8529
2025-03-24 22:35:03+00:00| seen| https://t.me/cvedetector/20990
2025-03-24 22:39:56+00:00| seen|...
CVE-2025-2709
A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclose...
CVE-2025-2709 Yonyou UFIDA ERP-NC login.jsp cross site scripting
A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclose...
RHEL 6 : libgssapi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libgssapi, libgssglue: Ability to load untrusted configuration file, when loading GSS mechanisms and their...
CVE-2024-2709
The CVE-2024-2709 vulnerability affects Tenda AC10U firmware 15.03.06.49. A stack-based buffer overflow is triggered by manipulating the argument list in the fromSetRouteStatic function of /goform/SetStaticRouteCfg, allowing remote execution with no user interaction. Multiple sources confirm the ...
CVE-2023-2709
The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2709
The CVE-2023-2709 entry relates to the AN_GradeBook WordPress plugin (≤ 5.0.1). It is a Stored XSS vulnerability caused by insufficient sanitization/escaping of certain settings, enabling a high-privilege user (e.g., an admin) to inject scripts even when unfiltered_html is disallowed (including m...
CVE-2023-2709 AN_GradeBook <= 5.0.1 - Admin+ XSS
The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
SUSE SLES15 Security Update : kernel (Live Patch 31 for SLE 15 SP3) (SUSE-SU-2023:2709-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2709-1 advisory. - qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. CVE-2023-314...
WordPress AN_GradeBook Plugin <= 5.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: AN_GradeBook; Type: Plugin; Vulnerable versions: <= 5.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2709; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: d35c35babbf4; Credits: Bob Matyas; Required privilege...
SUSE CVE-2005-2709
The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function...
CVE-2022-2709
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-2709 Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...