18 matches found
CVE-2026-37429
The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...
CVE-2026-37429
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL...
MAL-2025-37429 Malicious code in typopro-web-TypoPRO-DancingScript (npm)
The package typopro-web-TypoPRO-DancingScript was found to contain malicious code...
CVE-2024-37429
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hamid Alinia Login with phone number login-with-phone-number. This issue affects Login with phone number: from n/a through <= 1.7.35...
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2024-37429
creationtimestamp | type | source
---|---|---
2024-07-22 11:57:35+00:00 | seen | https://t.me/cvedetector/1396...
CVE-2024-37429 WordPress Login with phone number plugin <= 1.7.35 - Admin+ Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hamid Alinia – idehweb Login with phone number allows Stored XSS. This issue affects Login with phone number: from n/a through 1.7.35...
CVE-2023-37429
creationtimestamp | type | source
---|---|---
2023-08-22 22:12:03+00:00 | seen | https://t.me/cibsecurity/68944...
CVE-2023-37429
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
CVE-2023-37429 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
CVE-2023-37429 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
CVE-2023-37429
CVE-2023-37429 refers to multiple SQL injection vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator. The issues are triggered via authenticated access, potentially allowing an attacker to read/modify data in the underlying database and potentially corrupt sens...
CVE-2022-37429
creationtimestamp | type | source
---|---|---
2022-11-23 07:13:31+00:00 | seen | https://t.me/cibsecurity/53386...
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2022-37429
Concrete details for CVE-2022-37429: SilverStripe framework (silverstripe/framework) versions up to and including 4.11 are affected by a cross-site scripting (XSS) vulnerability. The root cause is improper handling of user-supplied data in link href attributes, allowing a JavaScript payload to be...
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2022-37429 - Stored XSS using HTMLEditor
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37429...
Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 8 (VA MN: 7.0.2-623, VA Agent: 7.0.2-341)
The hotfix for Virtuozzo Automator 7.0.2 provides stability fixes. Vulnerability id: PVA-37429 Need to return userbeancounters stats to VA agent. Vulnerability id: PVA-37434 Unable to reboot VE while changing its RAM/CPU live. Vulnerability id: PVA-37359, PVA-37415, PVA-37438 Other fixes...