Lucene search
K

132 matches found

RedhatCVE
RedhatCVE
added 2025/08/01 12:6 a.m.5 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

6.1CVSS7AI score0.00249EPSS
Exploits1References1
OSV
OSV
added 2025/07/30 12:15 a.m.4 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

6.1CVSS5.8AI score0.00249EPSS
Exploits1References1
NVD
NVD
added 2025/07/30 12:15 a.m.11 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

6.1CVSS0.00249EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/07/29 11:31 p.m.10 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

0.00249EPSS
Exploits1References1
CVE
CVE
added 2025/07/29 11:31 p.m.25 views

CVE-2025-8319

CVE-2025-8319 affects Barracuda Message Archiver (BMA) where the login interface permits arbitrary JavaScript/HTML to be written into the page’s DOM via the error= URL parameter, enabling cross-site scripting (XSS). The issue is triggered by the error parameter and involves the BMA web interface,...

6.1CVSS6.9AI score0.00249EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.6 views

PT-2025-31341 · Bma · Bma

Name of the Vulnerable Software and Affected Versions: BMA affected versions not specified Description: The BMA login interface allows arbitrary JavaScript or HTML to be written directly into the page’s Document Object Model DOM via the error= URL parameter. This can lead to potential cross-site...

6.1CVSS5.8AI score0.00249EPSS
Exploits1References7
NVD
NVD
added 2025/07/21 2:15 p.m.8 views

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting XSS vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's...

6.1CVSS0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/07/21 2:15 p.m.4 views

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting XSS vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's...

6.1CVSS5.7AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2025/07/21 2:7 p.m.26 views

CVE-2025-6235

CVE-2025-6235 affects ExtremeControl prior to 25.5.12, with an XSS in the login interface due to improper handling of user input in HTML attributes. The vulnerability can allow injected script to run in a user’s browser under certain interactions, potentially exposing user data or enabling unauth...

6.1CVSS5.3AI score0.00223EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-6655

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the...

9.8CVSS5.5AI score0.03766EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.11 views

CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...

7.5CVSS7AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.7 views

CVE-2023-6655

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

9.8CVSS7.4AI score0.03766EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:0 p.m.13 views

CVE-2022-26189

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface...

9.8CVSS7.9AI score0.03458EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/28 1:22 a.m.13 views

CVE-2025-26007

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...

9.8CVSS7.4AI score0.00415EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 8:15 p.m.2 views

CVE-2025-26007

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...

9.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/03/26 8:15 p.m.9 views

CVE-2025-26007

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...

9.8CVSS0.00415EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 12:0 a.m.64 views

CVE-2025-26007

CVE-2025-26007 concerns the Telesquare TLR-2005KSH firmware 1.1.4. The vulnerability is an unauthorized stack overflow in the login interface when requesting systemtil.cgi. Documented impact is Critical (CVSS 3.1: 9.8) with network access, no user interaction, and high impact on confidentiality, ...

9.8CVSS7.6AI score0.00415EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/26 12:0 a.m.4 views

CVE-2025-26007

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...

7.3AI score0.00415EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 12:0 a.m.17 views

CVE-2025-26007

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...

0.00415EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.8 views

The vulnerability of the user_login.cgi web interface of the DrayTek Vigor router software allows a hacker to execute arbitrary code.

The vulnerability of the userlogin.cgi web interface of the DrayTek Vigor router software lies in improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.2AI score0.0086EPSS
Exploits0References4Affected Software31
Rows per page
Query Builder