PT-2026-20811

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask addr...

PT-2026-20829

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENT SOURCE BYPASS or TRANSPARENT DESTINATI...

PT-2026-20819

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management endpoint with script payloads in the device...

PT-2026-20828

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

PT-2026-20816

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

Linux Distros Unpatched Vulnerability : CVE-2026-25500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entr...

CVE-2019-25397

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to...

CVE-2019-25356

CVE-2019-25356 affects Bematech MP-4200 TH printer (formerly Logic Controls, now Elgin). The admin configuration page is vulnerable to cross-site scripting via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in an authenticated user...

CVE-2019-25398

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script. The issue allows attackers to inject arbitrary JavaScript by submitting POST parameters such as VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_P...

RSEC-2026-0 Cross-site Request Forgery (CSRF) vulnerability

The widgetframe R package is exposed to a vulnerability due to its use of the Pym.js library version 1.3.1. This can result in arbitrary javascript code execution...

Bematech MP-4200 TH 跨站脚本漏洞

The Bematech MP-4200 TH is a thermal receipt printer produced by the British company Bematech. The Bematech MP-4200 TH has a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting vulnerability present in the administrator configuration page, which may allow...

PT-2026-20502

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp name, remark, SRV NAME, SRV PORT,...

CVE-2019-25382

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...

CVE-2019-25379

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECTPAGE or CHILDREN parameters to...

CVE-2019-25394

CVE-2019-25394 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored cross-site scripting in the modem.cgi script. Malicious payloads injected via POST parameters (INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, PULSE_DIAL) can lead to arbitrary JavaScript execution in users’ bro...

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

CVE-2019-25383 Smoothwall Express 3.1 'apcupsd.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameter...

CVE-2019-25383

CVE-2019-25383 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of reflected cross-site scripting flaws in apcupsd.cgi, allowing an attacker to inject arbitrary JavaScript in victim browsers by crafting POST requests with payloads in parameters such as BATTLEVEL...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express proxy.cgi endpoint cross-site scripting vulnerability , the vulnerability stems from the proxy.cgi endpoint in a number of parameters of the user-supplied data lack of effective filtering...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...