rConfig Cross-Site Scripting Vulnerability (CNVD-2021-102379)

rConfig is an open source network configuration management utility. rConfig version 3.9.5 contains a cross-site scripting vulnerability that can be exploited by remote attackers to execute arbitrary JavaScript code by entering a specific payload and saving it...

CVE-2020-25352

A stored cross-site scripting XSS vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving...

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

CVE-2021-34228

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

CVE-2021-34207

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field...

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...

CVE-2021-34228

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

Cross site scripting

Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field...

Cross site scripting

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

rConfig 跨站脚本漏洞

rConfig is an open source network configuration management utility. rConfig version 3.9.5 contains a cross-site scripting vulnerability that can be exploited by remote attackers to execute arbitrary JavaScript code by entering a specific payload and saving it...

TotoLink A3002RU 跨站脚本漏洞

TOTOLINK A3002RU is a wireless router product from Taiwan-based TOTOLINK Corporation. tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 contains a security vulnerability that allows attackers to exploit it by modifying the " username" field or "password" field to execute arbitrary...

CVE-2021-39268

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...

CVE-2021-39268

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...

Cross site scripting

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...

CVE-2021-39268

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...

CVE-2021-39268

CVE-2021-39268 : Persistent XSS in SuiteCRM web interface prior to 7.11.19. An attacker can inject arbitrary JavaScript via malicious SVG files because the clean_file_output protection can be bypassed. Impact is remote code execution of JavaScript with LOW integrity impact and no confidentiality/...