81 matches found
CVE-2020-24375
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3...
CVE-2020-24376
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
EUVD-2023-60212
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919 PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919 PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
CVE-2023-53919 affects PodcastGenerator 3.2.9, with a stored cross-site scripting flaw in the Freebox content field via the theme_freebox.php interface. Attacker-supplied JavaScript placed in Freebox content can execute when users visit the home page. Public documentation confirms the issue and p...
Podcast Generator 跨站脚本漏洞
Podcast Generator is an open source set of free podcast publishing scripts written in PHP by PodcastGenerator. A cross-site scripting vulnerability exists in Podcast Generator version 3.2.9, which stems from improper Freebox content field cleanup and could lead to a stored cross-site scripting...
PT-2025-51957
Name of the Vulnerable Software and Affected Versions PodcastGenerator version 3.2.9 Description The software contains a stored cross-site scripting issue in the Freebox content field. This field is accessible through the theme customization interface, specifically the 'theme freebox.php'...
CVE-2025-63292
Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
EUVD-2025-197856
reebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
CVE-2025-63292
Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
CVE-2025-63292
Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
CVE-2025-63292
Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
CVE-2025-63292
Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...
PT-2025-47193
Name of the Vulnerable Software and Affected Versions Freebox v5 HD version 1.7.20 Freebox v5 Crystal version 1.7.20 Freebox v6 Révolution r1–r3 versions 4.7.x Freebox Mini 4K versions 4.7.x Freebox One versions 4.7.x Description Freebox devices expose subscribers' IMSI identifiers in plaintext...
Freebox多款产品 安全漏洞
Freebox v5 and others are a TV box from the French company Free. A security vulnerability exists in various Freebox products, which stems from the explicit transmission of IMSI identifiers and could lead to device tracking and user monitoring. The following products and versions are affected: the...
CVE-2025-63292
CVE-2025-63292 affects Freebox v5 HD (firmware 1.7.20), Freebox v5 Crystal (1.7.20), Freebox v6 Révolution r1–r3 (4.7.x), Freebox Mini 4K (4.7.x), and Freebox One (4.7.x). The root issue is that during the initial phase of EAP-SIM over the FreeWifi_secure network, the subscriber’s full NAI (embed...