opencms code injection vulnerability
opencms is a CMS by the individual developer fumiao. A code injection vulnerability exists in opencms version 2.2; it originates from the model parameter in the file /admin/model/addOrUpdate and can lead to cross-site scripting...
GHSA-CPCX-R2GQ-X893 LocalAI path traversal vulnerability
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...
LocalAI path traversal vulnerability
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...
CVE-2024-5182
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...
CVE-2024-5182 Path Traversal in mudler/localai
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...
CVE-2024-5182
CVE-2024-5182 describes a path traversal vulnerability in mudler/localai 2.14.0 where an attacker can exploit the manipulated, input-validated model parameter during the model deletion process to delete arbitrary files. The issue arises from insufficient input validation and sanitization of the m...
PT-2024-34946 · Go Skynet · Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.14.0 github.com/go-skynet/LocalAI before v2.16.0 Description: A path traversal vulnerability exists, allowing an attacker to exploit the model parameter during the model deletion process to delete arbitrary files. By...
PT-2024-18691 · Sourcecodester · Sourcecodester Computer Inventory System
Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Inventory System version 1.0 Description: A problematic issue has been found in the system, affecting the file /endpoint/add-computer.php. The manipulation of the model argument leads to cross-site scripting. This issu...
PT-2024-18693 · Sourcecodester · Sourcecodester Computer Inventory System
Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Inventory System version 1.0 Description: A problem was found in the processing of the file /endpoint/update-computer.php. The manipulation of the model argument leads to cross-site scripting. The attack can be initiat...
Cross site scripting
A cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious JavaScript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...
CVE-2024-0554 Cross-site scripting (XSS) vulnerability on WIC1200
A cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious JavaScript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...
PT-2024-15653 · Wic1200 · Wic1200
Name of the Vulnerable Software and Affected Versions: WIC1200 version 1.1 Description: A cross-site scripting (XSS) vulnerability has been found, allowing an authenticated user to store a malicious JavaScript payload in the device model parameter via "/setup/diags ir learn.asp". This enables the...
CVE-2023-5585
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "confirm document.cookie...
SourceCodester Online Motorcycle Rental System Cross-Site Scripting Vulnerability
Online Motorcycle Rental System is a CMS. A cross-site scripting vulnerability exists in SourceCodester Online Motorcycle Rental System version 1.0, which stems from unknown code in the component Bike List /admin/?page=bike, which leads to cross-site scripting via the parameter model...
PT-2023-32196 · Unknown · Sourcecodester Online Motorcycle Rental System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Motorcycle Rental System version 1.0 Description: A vulnerability was found in the SourceCodester Online Motorcycle Rental System. It affects the file /admin/?page=bike of the component Bike List. The manipulation of the...
CVE-2017-7386
citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php model parameter...
ritewaypackaging.ca XSS vulnerability
Vulnerable URL: http://www.ritewaypackaging.ca/equiplist.php?model=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...
CVE-2014-3428
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php...