17 matches found
EUVD-2025-41663
Malicious code in arif-kue96-riris npm...
CVE-2025-41663
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations...
CVE-2025-41663 Weidmueller: Security routers IE-SR-2TX are affected by Command Injection
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations...
CVE-2025-41663
The CVE-2025-41663 entry pertains to the Weidmueller IE-SR-2TX-WL industrial security router. Affected component is the u-link Management API, where an unauthenticated, man‑in‑the‑middle attacker can inject arbitrary commands in responses returned by WWH servers, leading to arbitrary command exec...
CVE-2025-41663 Weidmueller: Security routers IE-SR-2TX are affected by Command Injection
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations...
CVE-2024-41663
creationtimestamp | type | source
---|---|---
2024-07-23 18:54:37+00:00 | seen | https://t.me/cvedetector/1517...
CVE-2024-41663 Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
CVE-2024-41663 Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
CVE-2023-41663
creationtimestamp | type | source
---|---|---
2023-09-29 18:37:48+00:00 | seen | https://t.me/cibsecurity/71298...
CVE-2023-41663
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions...
CVE-2023-41663
CVE-2023-41663 – WordPress WP Bannerize Pro : Unauthenticated reflected Cross-Site Scripting (XSS) in Giovambattista Fazioli WP Bannerize Pro plugin versions
CVE-2023-41663 WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions...
WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS)
Software: WP Bannerize Pro; Type: Plugin; Vulnerable versions: <= 1.6.9; Fixed in: 1.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41663; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 77839e376c07; Credits: thiennv; Required...
CVE-2022-41663
creationtimestamp | type | source
---|---|---
2022-11-08 14:35:26+00:00 | seen | https://t.me/cibsecurity/52634...
CVE-2022-41663
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The...
CVE-2022-41663
CVE-2022-41663 affects Siemens JT2Go and Teamcenter Visualization: use-after-free vulnerability triggered while parsing specially crafted CGM files, enabling code execution in the current process for affected versions. Affected: JT2Go < 14.1.0.4; Teamcenter Visualization V13.2 < 13.2.0.12; ...
CVE-2021-41663
The CVE-2021-41663 issue affects Mini CMS v1.11, with the XSS vulnerability located in the article upload flow (post-edit.php). The root cause is described as lack of checksum filtering of user-supplied and output data on that page, enabling client-side JavaScript execution. The shared sources (R...