62 matches found
CVE-2019-25409
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...
CVE-2019-25409 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via routing
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...
CVE-2019-25409
CVE-2019-25409 concerns Comodo Dome Firewall 2.7.0, with a reflected cross-site scripting vulnerability exploiting the destination parameter at the routing endpoint. The description states that attackers can send POST requests to the routing endpoint containing script payloads in the destination ...
Comodo Dome Firewall 跨站脚本漏洞
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the destination parameter in routing...
PT-2026-20812
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...
PT-2026-20813
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute...
EUVD-2025-36523
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
CVE-2025-34314 IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
PT-2025-44173
Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description The software contains a stored cross-site scripting XSS issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the SRC, DST, a...
EUVD-2015-3416
Malware in sbrugna...
TOTOLINK T6 安全漏洞
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from the parameter dest of the recvSlaveStaInfo function of the MQTT service failing to correctly validate the...
Tenda O3V2 注入漏洞
Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a command injection vulnerability that stems from the parameter dest in the file /goform/getTraceroute failing to correctly filter constructed command special characters, commands, and so on. No details of the...
The vulnerability of the RouterOS operating system for MikroTik routers, related to insufficient validation of input data, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the RouterOS operating system for MikroTik routers is related to insufficient validation of input data when processing the dst parameter. Exploiting this vulnerability allows a malicious actor to perform domain-based scenario attacks remotely...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2025-25896
A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted packet...
D-Link DSL-3782 安全漏洞
The D-Link DSL-3782 is a wireless router from China-based AUO D-Link. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that originates in the destination, netmask and gateway parameters, which can be exploited by an attacker to cause a denial of service...
D-Link DSL-3782 安全漏洞
The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that originates in the destination, netmask, and gateway parameters, which can be exploited by an attacker to cause a denial of service...
PT-2025-7110 · D Link · D-Link Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 version 1.01 Description: A buffer overflow issue was discovered via the destination, netmask, and gateway parameters. This issue allows attackers to cause a Denial of Service DoS via a crafted packet. Recommendations: For...
CVE-2024-39764
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
PT-2024-40513 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal version 7 Description: The issue is caused by insufficient validation of the destination query parameter in the drupal goto function, allowing for an Open Redirect. This could trick users into visiting a specially crafted link that...