Lucene search
+L

313 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.4 views

CVE-2019-25372

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diagtraceroute.php to execute...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/15 1:58 p.m.5 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.31 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00241EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.6 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/15 1:58 p.m.7 views

EUVD-2019-19424

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References4
CVE
CVE
added 2026/02/15 1:58 p.m.25 views

CVE-2019-25371

CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.10 views

PT-2026-8244

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag traceroute.php to execute...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.7 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.9 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Decivo OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the diagping.php endpoint, which ma...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.15 views

PT-2026-8243

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag ping.php endpoint with script payloads ...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References5
NVD
NVD
added 2026/01/30 5:16 p.m.4 views

CVE-2020-36966

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS0.00244EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/30 5:16 p.m.4 views

CVE-2020-36966

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS5.9AI score0.00244EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/30 4:32 p.m.6 views

CVE-2026-1689 Tenda HG10 Login formLogin checkUserFromLanOrWan command injection

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS7AI score0.02537EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/30 4:32 p.m.39 views

CVE-2026-1689 Tenda HG10 Login formLogin checkUserFromLanOrWan command injection

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS0.02537EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/30 4:16 p.m.44 views

CVE-2020-36966 Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/30 4:16 p.m.3 views

CVE-2020-36966 Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS6AI score0.00244EPSS
Exploits0References3
CVE
CVE
added 2026/01/30 4:16 p.m.28 views

CVE-2020-36966

CVE-2020-36966 affects Dolibarr 11.0.3: a persistent XSS in LDAP synchronization (/dolibarr/admin/ldap.php) allows injection via host, slave, and port parameters, enabling arbitrary JavaScript execution and potential cookie theft. Public sources describe the vulnerability; no patch details are pr...

6.4CVSS6AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

Tenda HG10 command injection vulnerability

The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability stems from incorrect handling of parameters in the files /boaform/admin/formLogin, specifically the parameter Host,...

7.5CVSS7.1AI score0.02537EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.30 views

PT-2026-5411

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS6AI score0.00244EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/01/20 9:29 p.m.14 views

Weblate: Argument Injection in /manage/ssh/ via host parameter leads to sensitive file disclosure on Weblate

A vulnerability was discovered in the SSH management interface of Weblate, a web-based translation tool. The vulnerability allowed an attacker with administrative privileges to inject command-line arguments into the host parameter, leading to sensitive file disclosure on the server. The vulnerabl...

9.1CVSS5.4AI score0.00447EPSS
Exploits3
Rows per page
Query Builder