364 matches found
OpenSourceCMS.com Clansphere CMS cross-site scripting vulnerability
ClanSphere is a modular Web-CMS. A cross-site scripting vulnerability exists in Clansphere 2011.4. The vulnerability can be exploited to inject JavaScript via the "language" parameter...
CVE-2020-35228
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter...
Netgear NETGEAR JGS516PE cross-site scripting vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A cross-site scripting vulnerability exists in the management web panel of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
CVE-2020-22474
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion...
webERP security vulnerability
webERP is a free and open source ERP system that provides best practice, multi-user business management and accounting tools over the web. A local file inclusion vulnerability exists in webERP 4.15. The vulnerability stems from the ManualContents.php file allowing users to specify the "Language"...
Belkin LINKSYS WRT160NL operating system command injection vulnerability
The Belkin LINKSYS WRT160NL is a wireless router from Belkin USA. A security vulnerability exists in Belkin Linksys WRT160NL 1.0.04.002US20130619, which stems from a failure to properly filter special characters, commands, etc. within it. A remote authenticated attacker could execute system...
PT-2021-16511 · Belkin · Belkin Linksys Wrt160Nl
Name of the Vulnerable Software and Affected Versions: Belkin Linksys WRT160NL version 1.0.04.002 US 20130619 Description: The administration web interface on Belkin Linksys WRT160NL devices allows remote authenticated attackers to execute system commands with root privileges via shell...
CVE-2020-27982
CVE-2020-27982 affects IceWarp WebMail 11.4.5.0 and is an XSS vulnerability exploitable via the language parameter (e.g., /webmail/?language=). The root cause is improper handling of the language parameter, enabling arbitrary JavaScript execution in a victim’s browser (session hijacking/defacemen...
CVE-2020-27982
IceWarp 11.4.5.0 allows XSS via the language parameter...
Cross site scripting
IceWarp 11.4.5.0 allows XSS via the language parameter...
PT-2020-16888 · Icewarp · Icewarp
Name of the Vulnerable Software and Affected Versions: IceWarp version 11.4.5.0 Description: The issue allows for a Cross-Site Scripting (XSS) attack via the language parameter. This can potentially lead to malicious script execution on the client-side. The estimated number of affected devices and...
TikTok: Multiple Cross-Site Scripting vulnerability via the language parameter
A cross site scripting vulnerability was reported across multiple TikTok domains leveraging the language parameter. This issue has been promptly resolved. We thank @luizviana for reporting this to our team and confirming the resolution...
CVE-2020-11546
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection...
CVE-2020-11546
SuperWebMailer CVE-2020-11546 affects version 7.21.0.01526. The vulnerability is a remote code execution in the Language parameter of mailingupgrade.php that allows an unauthenticated attacker to execute arbitrary PHP code via Code Injection. The NVD entry rates the impact as high/critical (CVSS ...