276 matches found
CVE-2020-20908
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...
Akaunting 跨站脚本漏洞
Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...
CVE-2020-18048
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field...
CVE-2021-3351
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...
CVE-2021-3351
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55888)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
NCH Axon PBX 跨站脚本漏洞
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
CVE-2019-14478
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting XSS vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...
AdRem NetCrunch Cross-Site Scripting Vulnerability
Adrem Netcrunch is a device monitoring software from the American company Adrem. The software monitors Windows, Linux, Mac OS X, BSD, NetWare, and SNMP devices based on SNMP sources, Windows event logs, and Syslog servers. A cross-site scripting vulnerability exists in AdRem NetCrunch 10.6.0.4587...
CVE-2020-15951
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabcappointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML...
Command Injection
Overview devcert-sanscache is a package that can be used to generate trusted local SSL/TLS certificates for local SSL development. Affected versions of this package are vulnerable to Command Injection. The variable commonName controlled by user input is used as part of the exec function without a...
PYSEC-2019-112
In Archery before 1.3, inserting an XSS payload into a project name either by creating a new project or editing an existing one will result in stored XSS on the vulnerability-scan scheduling page...
CVE-2019-0375
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting...
Cross-site Scripting (XSS)
http-file-server is vulnerable to cross-site scripting XSS attack. It is possible because it does not handle the file name input from the user, allowing a malicious user to inject arbitrary script though it...
Buffer Overflow Vulnerability in iSmartViewPro Software
iSmartViewPro is a network surveillance software to monitor your home or store in real time. Users can add, edit or delete devices, watch videos in real time, control the PTZ by sliding or pressing buttons, set video parameters, capture pictures, playback videos, set alarms, etc. It can be used t...
CVE-2018-20368
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...
CVE-2018-3953
Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input...
CVE-2018-3954
Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input fiel...
Article Factory Manager SQL Injection Vulnerability in Joomla!
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Article Factory Manager component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...