197 matches found
emlog cross-site scripting vulnerability
emlog is an open-source CMS website builder based on PHP and MySQL. A cross-site scripting vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient sanitization of the comment and comname parameters and could lead to a remote attacker injecting reflective cross-si...
CVE-2025-6302
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack...
A vulnerability in the IP/Port Filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware allows attackers to carry out cross-site scripting (XSS) attacks.
The vulnerability in the IP/Port Filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware is related to a failure to preserve the web page structure when processing the Comment parameter. Exploiting this vulnerability allows a remote attacker to perfo...
A vulnerability in the MAC filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the MAC filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware is related to a failure to preserve the web page structure when processing the “Comment” parameter. Exploiting this vulnerability allows a remote attacker to perform...
The vulnerability of the NAT Mapping module in TOTOLINK A3002RU software allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the NAT Mapping module of the TOTOLINK A3002RU router firmware is related to a failure to preserve the web page structure when processing the Comment parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...
CVE-2025-5507
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launch...
CVE-2025-5508
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched...
CVE-2025-5506
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The...
TOTOLINK A3002RU security vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the IP Port Filtering Page component parameter Comment,...
TOTOLINK A3002RU code injection vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the MAC Filtering Page component parameter Comment, for...
CVE-2023-1602
The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2022-34133
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php...
CVE-2022-29397
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN004196c8...
CVE-2022-29396
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN00418f10...
CVE-2022-29391
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN004200c8...
CVE-2022-29393
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN004192cc...
CVE-2020-21268
Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter...
CVE-2011-5185
Cross-site scripting (XSS) vulnerability in videocomments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter...
CVE-2025-4852
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...
TOTOLINK A3002R code injection vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter Comment in the component VPN Page, for which no...