33 matches found
CVE-2023-31805
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function...
CVE-2025-31805
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal Gutena Kit – Gutenberg Blocks and Templates gutena-kit allows Stored XSS. This issue affects Gutena Kit – Gutenberg Blocks and Templates: from n/a through <= 2.0.7...
WordPress Gutena Kit plugin <= 2.0.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Gutena Kit – Gutenberg Blocks and Templates versions <= 2.0.7...
CVE-2025-31805
CVE-2025-31805 affects Gutena Kit – Gutenberg Blocks and Templates (WordPress plugin). It is a Stored XSS caused by improper neutralization during web page generation, affecting Gutena Kit versions up to 2.0.7. The CVSS 3.1 base score is 6.5 (Medium); attack vector is network, requires user inter...
CVE-2025-31805 WordPress Gutena Kit plugin <= 2.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ExpressTech Systems Gutena Kit – Gutenberg Blocks and Templates allows Stored XSS. This issue affects Gutena Kit – Gutenberg Blocks and Templates: from n/a through 2.0.7...
CVE-2024-31805
TOTOLINK EX200 firmware 4.0.3c.7646_B20201211 contains an authorization flaw in the setTelnetCfg function that allows an attacker to start the Telnet service without authentication by manipulating the telnet_enabled parameter. The vulnerability is documented across multiple sources (CVE-2024-3180...
F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K24608264 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code executio...
CVE-2023-31805
CVE-2023-31805 affects Chamilo Lms 1.11.18. A local authenticated attacker can execute arbitrary code via the homepage function due to a Cross Site Scripting vulnerability. The issue is documented across multiple feeds; exploitation status is not provided in the sources. Remediation, when availab...
K24608264: Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805
Security Advisory Description CVE-2020-17530 Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Stru...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 1. Introduction Struts2 Remote Command Exec...
Critical Security Flaws Identified in CODESYS ICS Automation Software
CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause...
Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805)
Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.30. Vulnerability Details CVEID: CVE-2021-31805 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a...
CVE-2022-31805 Insecure transmission of credentials
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...
CVE-2022-31805
The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...
CVE-2022-31805
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...
Security Bulletin: CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Vulnerability found in Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID: CVE-2021-31805 DESCRIPTION: Apache Struts could allow a remote...
Apache Struts Remote Code Execution (CVE-2021-31805)
A remote code execution vulnerability exists in Apache Struts. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...