Lucene search
K

303 matches found

Cvelist
Cvelist
added 2025/12/09 2:14 p.m.31 views

CVE-2025-67545 WordPress FireBox plugin <= 3.1.0-free - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through = 3.1.0-free...

6.5CVSS0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

WordPress plugin FireBox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.5CVSS5.7AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through = 3.1.0-free...

6.5CVSS6AI score0.00156EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/05 10:33 p.m.5 views

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

8.2CVSS7.3AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 10:33 p.m.8 views

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

4.8CVSS5.4AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/05 12:31 a.m.7 views

EUVD-2025-201297

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

8.2CVSS6.8AI score0.00417EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/05 12:31 a.m.7 views

EUVD-2025-201296

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

4.8CVSS4.9AI score0.00157EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/05 12:0 a.m.4 views

WatchGuard Firebox OS 2025.1 / 12.x < 12.11.4 / 12.5.x < 12.5.13 / 11.x Out of Bounds Write Vulnerability

According to its self-reported version, the instance of WatchGuard Firebox OS running on the remote host is 2025.1, 12.x prior to 12.11.4, 12.5.x prior to 12.5.13, or 11.x. It is, therefore, affected by out of bounds Write vulnerability. An Out-of-bounds Write vulnerability in the WatchGuard...

9.8CVSS6.6AI score0.8637EPSS
Exploits2References2
OSV
OSV
added 2025/12/04 10:15 p.m.4 views

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

4.8CVSS5.8AI score0.00157EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 10:15 p.m.8 views

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

4.8CVSS0.00157EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 10:15 p.m.4 views

CVE-2025-13940

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...

6.7CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 10:15 p.m.4 views

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

8.2CVSS0.00417EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 10:15 p.m.3 views

CVE-2025-1545

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 9:48 p.m.4 views

CVE-2025-6946 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

4.8CVSS5AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/04 9:48 p.m.20 views

CVE-2025-6946 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

4.8CVSS0.00157EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:48 p.m.13 views

CVE-2025-6946

WatchGuard Fireware OS contains a Stored XSS vulnerability in the IPS module that requires an authenticated administrator session on a locally managed Firebox. Affected software is Firebox firmware versions 12.0 through 12.11.2. Root cause is improper input handling during web page generation. Th...

4.8CVSS5AI score0.00157EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/04 9:48 p.m.20 views

CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

8.2CVSS0.00417EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 9:48 p.m.14 views

CVE-2025-1545

CVE-2025-1545 is a WatchGuard Fireware OS XPath Injection affecting Firebox with at least one authentication hotspot configured. The issue allows remote, unauthenticated retrieval of configuration data via an exposed authentication/management web interface. Affected versions: 11.11–11.12.4+541730...

8.2CVSS6.9AI score0.00417EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/04 9:48 p.m.4 views

CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...

8.2CVSS6.9AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/04 9:47 p.m.21 views

CVE-2025-13940 WatchGuard Firebox Boot Time System Integrity Check Bypass

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...

6.7CVSS0.00107EPSS
Exploits0References1
Rows per page
Query Builder