29 matches found
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
CVE-2025-52180
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfrfeditorHTML.jsp?pHtmlSource endpoint...
EUVD-2025-7218
Malicious code in bioql PyPI...
EUVD-2024-54230
Malicious code in bioql PyPI...
EUVD-2025-7220
Malicious code in bioql PyPI...
CVE-2024-51319
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...
CVE-2024-51320
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdmfsavehtmltmp, /servlet/gsdmbtlkopenfile components...
CVE-2024-51321
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the mcURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication...
CVE-2024-51319
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...
CVE-2024-51320
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdmfsavehtmltmp, /servlet/gsdmbtlkopenfile components...
CVE-2024-51321
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the mcURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication...
CVE-2024-51322
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfrfeditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmdcontainer.jsp components...
CVE-2024-51320
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdmfsavehtmltmp, /servlet/gsdmbtlkopenfile components...
CVE-2024-51322
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfrfeditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmdcontainer.jsp components...
CVE-2024-51319
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...
CVE-2024-51320
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdmfsavehtmltmp, /servlet/gsdmbtlkopenfile components...
CVE-2024-51322
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfrfeditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmdcontainer.jsp components...
CVE-2024-51321
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the mcURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication...