6 matches found
CVE-2026-44258
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...
EUVD-2014-4434
Malware in sbrugna...
MikroTik RouterOS 7.19.1 Cross Site Scripting
MikroTik RouterOS versions 7.19.1 and below suffer from a cross site scripting vulnerability. Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS Google Dork: inurl:/login?dst= Date: 2025-07-15 Exploit Author: Prak Sokchea Vendor Homepage: https://mikrotik.com Software Link:...
CVE-2025-6563 Cross-site scripting via dst parameter in RouterOS WiFi hotspot
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS in versions below 7.19.2. An attacker can inject the javascript protocol in the dst parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to log in can also...
CVE-2024-26504
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter...
PT-2024-21410 · Unknown · Wifire Hotspot
Name of the Vulnerable Software and Affected Versions: Wifire Hotspot version 4.5.3 Description: An issue in Wifire Hotspot allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. Recommendations: For Wifire Hotspot version 4.5.3, consider restricting access ...