
62 matches found

ATTACKERKB
added 2026/02/19 12:2 p.m. · 4 views

CVE-2019-25409

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...

CVSS 6.1 · AI score 5.6 · EPSS 0.0034
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2026/02/19 12:2 p.m. · 31 views

CVE-2019-25409 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via routing

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...

CVSS 6.1 · EPSS 0.0034
Exploits 1 · References 4

CVE
added 2026/02/19 12:2 p.m. · 17 views

CVE-2019-25409

CVE-2019-25409 concerns Comodo Dome Firewall 2.7.0, with a reflected cross-site scripting vulnerability exploiting the destination parameter at the routing endpoint. The description states that attackers can send POST requests to the routing endpoint containing script payloads in the destination ...

CVSS 6.1 · AI score 5.6 · EPSS 0.0034
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2026/02/19 12:0 a.m. · 7 views

Comodo Dome Firewall cross-site scripting vulnerability

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the destination parameter in routing...

CVSS 6.1 · AI score 5.6 · EPSS 0.0034
Exploits 1 · References 4

Positive Technologies
added 2026/02/19 12:0 a.m. · 6 views

PT-2026-20812

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...

CVSS 6.1 · AI score 5.6 · EPSS 0.0034
Exploits 1 · References 4

Positive Technologies
added 2026/02/19 12:0 a.m. · 11 views

PT-2026-20813

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute...

CVSS 6.1 · AI score 5.6 · EPSS 0.0034
Exploits 1 · References 4

EUVD
added 2025/10/28 3:30 p.m. · 15 views

EUVD-2025-36523

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...

CVSS 5.1 · AI score 5.5 · EPSS 0.00453
Exploits 0 · References 4

Vulnrichment
added 2025/10/28 2:33 p.m. · 5 views

CVE-2025-34314 IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...

CVSS 5.1 · AI score 5.5 · EPSS 0.00453
Exploits 0 · References 3

Positive Technologies
added 2025/10/28 12:0 a.m. · 9 views

PT-2025-44173

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198 Description: The software contains a stored cross-site scripting (XSS) issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the SRC, DST, a...

CVSS 5.4 · AI score 5.7 · EPSS 0.00453
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2015-3416

Malware in sbrugna...

CVSS 5.8 · AI score 6.4 · EPSS 0.01204
Exploits 0 · References 5

CNNVD
added 2025/07/19 12:0 a.m. · 1 view

TOTOLINK T6 security vulnerability

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from the parameter dest of the recvSlaveStaInfo function of the MQTT service failing to correctly validate the...

CVSS 9 · AI score 8 · EPSS 0.00982
Exploits 1 · References 7

CNNVD
added 2025/07/10 12:0 a.m. · 3 views

Tenda O3V2 injection vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a command injection vulnerability that stems from the parameter dest in the file /goform/getTraceroute failing to correctly filter constructed command special characters, commands, and so on. No details of the...

CVSS 8.8 · AI score 6.9 · EPSS 0.03707
Exploits 1 · References 8

BDU FSTEC
added 2025/07/09 12:0 a.m. · 9 views

The vulnerability of the RouterOS operating system for MikroTik routers, related to insufficient validation of input data, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the RouterOS operating system for MikroTik routers is related to insufficient validation of input data when processing the dst parameter. Exploiting this vulnerability allows a malicious actor to perform domain-based scenario attacks remotely...

CVSS 4.8 · AI score 5.4 · EPSS 0.00642
Exploits 2 · References 2 · Affected Software 1

RedhatCVE
added 2025/05/22 5:30 p.m. · 5 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

CVSS 6.1 · AI score 6.1 · EPSS 0.01376
Exploits 1 · References 1

OSV
added 2025/02/18 10:15 p.m. · 6 views

CVE-2025-25896

A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet...

CVSS 5.7 · AI score 6.1 · EPSS 0.00451
Exploits 0 · References 1

CNNVD
added 2025/02/18 12:0 a.m. · 4 views

D-Link DSL-3782 security vulnerability

The D-Link DSL-3782 is a wireless router from China-based AUO D-Link. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that originates in the destination, netmask and gateway parameters, which can be exploited by an attacker to cause a denial of service...

CVSS 5.7 · AI score 7.1 · EPSS 0.00302
Exploits 0 · References 2

CNNVD
added 2025/02/18 12:0 a.m. · 4 views

D-Link DSL-3782 security vulnerability

The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that originates in the destination, netmask, and gateway parameters, which can be exploited by an attacker to cause a denial of service...

CVSS 5.7 · AI score 7.1 · EPSS 0.00451
Exploits 0 · References 2

Positive Technologies
added 2025/02/04 12:0 a.m. · 4 views

PT-2025-7110 · D Link · D-Link Dsl-3782

Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 version 1.01 Description: A buffer overflow issue was discovered via the destination, netmask, and gateway parameters. This issue allows attackers to cause a Denial of Service (DoS) via a crafted packet. Recommendations: For...

CVSS 5.7 · AI score 7.3 · EPSS 0.00451
Exploits 0 · References 7

OSV
added 2025/01/14 3:15 p.m. · 5 views

CVE-2024-39764

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...

CVSS 7.2 · AI score 6 · EPSS 0.04156
Exploits 1 · References 2

Positive Technologies
added 2024/05/15 12:0 a.m. · 2 views

PT-2024-40513 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal version 7 Description: The issue is caused by insufficient validation of the destination query parameter in the drupal goto function, allowing for an Open Redirect. This could trick users into visiting a specially crafted link that...

CVSS 4.3 · AI score 7.3
Exploits 0 · References 4