Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2710 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting author:...

PT-2026-39471

CVE-2026-2710 - CVE-2022-1234: Cisco Webex Meeting Server Authentication Bypass CVE ID :CVE-2026-2710 Published : May 7, 2026, 11:16 p.m. | 58 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for...

MiracleLinux 4 : firefox-38.0-4.0.1.AXS4 (AXSA:2015-141:04)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-141:04 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

CVE-2021-2710

creationtimestamp| type| source ---|---|--- 2025-07-31 21:02:18+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lvbzuii3rw2p 2025-08-01 21:02:23+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lvekdjuudw2h...

CVE-2020-2710

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payment...

CVE-2010-2710

Unspecified vulnerability in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2025-2710

creationtimestamp| type| source ---|---|--- 2025-03-25 01:05:44+00:00| seen| https://t.me/cvedetector/21009 2025-07-16 13:27:11+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-2710.yaml 2025-07-17 21:02:31+00:00| seen|...

CVE-2025-2710

Yonyou UFIDA ERP-NC 5.0 is reported vulnerable to a reflected cross-site scripting (XSS) flaw in the /menu.jsp file, triggered by manipulating the flag parameter. The issue stems from unsanitized user input reflected in the response. Impact details indicate potential arbitrary JavaScript executio...

CVE-2024-2710

A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched...

CVE-2024-2710 Tenda AC10U openSchedWifi setSchedWifi stack-based overflow

A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched...

CVE-2024-2710

CVE-2024-2710 affects Tenda AC10U 15.03.06.49. The vulnerability resides in the setSchedWifi function in /goform/openSchedWifi, where manipulating the schedStartTime parameter causes a stack-based buffer overflow. This can be exploited remotely and, per multiple sources, the exploit has been publ...

CVE-2023-2710

creationtimestamp| type| source ---|---|--- 2023-05-16 13:20:47+00:00| seen| https://t.me/cibsecurity/64198...

CVE-2023-2710

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2023-2710

CVE-2023-2710 concerns the WordPress plugin Video carousel slider with lightbox (WP Responsive Video Gallery with Lightbox). The vulnerability is a Reflected Cross-Site Scripting (XSS) in the search_term parameter caused by insufficient input sanitization and output escaping, affecting versions u...

CVE-2022-2710

creationtimestamp| type| source ---|---|--- 2022-09-19 18:37:58+00:00| seen| https://t.me/cibsecurity/50032...

CVE-2022-2710

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2710

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2710 Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2710

The CVE-2022-2710 entry concerns the WordPress Scroll To Top plugin (versions prior to 1.4.1). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient escaping of certain plugin settings, which could let high-privilege users (e.g., admins) execute scripts even when un...

SUSE: Security Advisory (SUSE-SU-2015:0978-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...