132 matches found
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
CVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...
CVE-2025-8319
CVE-2025-8319 affects Barracuda Message Archiver (BMA) where the login interface permits arbitrary JavaScript/HTML to be written into the page’s DOM via the error= URL parameter, enabling cross-site scripting (XSS). The issue is triggered by the error parameter and involves the BMA web interface,...
PT-2025-31341 · Bma · Bma
Name of the Vulnerable Software and Affected Versions: BMA affected versions not specified Description: The BMA login interface allows arbitrary JavaScript or HTML to be written directly into the page’s Document Object Model DOM via the error= URL parameter. This can lead to potential cross-site...
CVE-2025-6235
In ExtremeControl before 25.5.12, a cross-site scripting XSS vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's...
CVE-2025-6235
In ExtremeControl before 25.5.12, a cross-site scripting XSS vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's...
CVE-2025-6235
CVE-2025-6235 affects ExtremeControl prior to 25.5.12, with an XSS in the login interface due to improper handling of user input in HTML attributes. The vulnerability can allow injected script to run in a user’s browser under certain interactions, potentially exposing user data or enabling unauth...
VulnCheck KEV: CVE-2023-6655
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the...
CVE-2024-28077
A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters such as half...
CVE-2023-6655
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
CVE-2022-26189
TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface...
CVE-2025-26007
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...
CVE-2025-26007
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...
CVE-2025-26007
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...
CVE-2025-26007
CVE-2025-26007 concerns the Telesquare TLR-2005KSH firmware 1.1.4. The vulnerability is an unauthorized stack overflow in the login interface when requesting systemtil.cgi. Documented impact is Critical (CVSS 3.1: 9.8) with network access, no user interaction, and high impact on confidentiality, ...
CVE-2025-26007
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...
CVE-2025-26007
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi...
The vulnerability of the user_login.cgi web interface of the DrayTek Vigor router software allows a hacker to execute arbitrary code.
The vulnerability of the userlogin.cgi web interface of the DrayTek Vigor router software lies in improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...