PT-2021-10200 · Gnuboard5 · Gnuboard5
Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.2.8 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It can be exploited via the url parameter to the "bbs/login.php" endpoint. Recommendations: For versions prior to 5.3.2.8, update t...
KuaiFan Parameter Injection Vulnerability
KuaiFanCMS (hereafter KF) is a site-building system developed on PHP5 + MySQL that uses the Smarty template engine. KuaiFanCMS V5 has a security vulnerability that stems from the chakanhtml.module.php file HTML url parameter...
Cisco Webex Meetings Open Redirect Vulnerability
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An open redirect vulnerability exists in the Web management interface of Cisco Webex Meetings. The vulnerability stems from improper validation of the input of URL parameters in an HTTP request. An attacker could explo...
CVE-2020-35742
HGiga MailSherlock contains a SQL Injection vulnerability. Attackers can inject and launch SQL commands in a URL parameter...
CVE-2020-29455
A Cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country)...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country)...
SmartyStreets liveAddressPlugin.js Cross Site Scripting Vulnerability
SmartyStreets LiveAddressPlugin is a JavaScript-based pluggable codebase, by SmartyStreets individual developers, for adding address validation and autocomplete functionality to web pages. A cross-site scripting vulnerability in SmartyStreets liveAddressPlugin.js version 3.2 allows remot...
Seowon SLC 130 Router Authentication Bypasses RCE Vulnerability
Seowon Intech is located in South Korea and is engaged in the manufacture and sale of cellular phones and electronic components. A security vulnerability exists in the Seowon Intech SLC-130 and SLR-120S. An attacker can exploit the vulnerability by sending the 'ipAddr' parameter to the...
UBUNTU-CVE-2020-25788
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
PT-2020-13709 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4 Description: The issue concerns multiple stored Cross-Site Scripting (XSS) vulnerabilities. These could allow remote authenticated attackers to inject arbitrary web script or HTML. This can be done via several API...
NagiosXI 5.6.11 address Remote Code Execution Vulnerability
Exploit for php platform in category web applications Title: Postauth RCE in NagiosXI 5.6.11 param: address Vendor: https://www.nagios.com/ Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/ Repo: https://github.com/c610/free/ GET...
DEBIAN-CVE-2019-18348
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...
PT-2019-14892 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions up to 4.5.7 Description: The issue arises from the file app\contacts\contact_addresses.php using an unsanitized id variable from the URL, which is then reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowi...
golang: CRLF injection in net/http
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...
CVE-2019-11844
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter...
CVE-2019-11845
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter...
CVE-2018-13293
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...
Cross-site Scripting (XSS)
dolibarr/dolibarr is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the address and town parameters, allowing XSS attacks...