272 matches found
Nsasoft Nsauditor 安全漏洞
Nsasoft Nsauditor is a network security software developed by the American company Nsasoft. Version Nsasoft Nsauditor 3.2.0.0 contains a security vulnerability. This vulnerability stems from improper handling of the registered name input field, which may lead to application crashes...
PT-2026-6574
Name of the Vulnerable Software and Affected Versions Nsauditor version 3.2.0.0 Description The software contains a denial of service condition in the registration name input field. An attacker can cause the application to crash by providing a malicious payload of 1000 bytes of repeated character...
CVE-2022-50952 Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...
CVE-2022-50952 Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...
EUVD-2020-30936
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code executio...
CVE-2020-37042 Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code executio...
CVE-2020-37014 Tryton 5.4 - Persistent Cross-Site Scripting
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...
PT-2026-5482
Name of the Vulnerable Software and Affected Versions Frigate Professional version 3.36.0.9 Description Frigate Professional 3.36.0.9 contains a local buffer overflow in the 'Find Computer' feature. An attacker can execute arbitrary code by overflowing the computer name input field. A malicious...
CVE-2025-59896 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
Astra Linux – Vulnerability in grub2
A flaw was discovered in the HFS filesystem. When reading the name of an HFS volume during the grubfsmount function, the HFS filesystem driver uses the user-provided volume name as input without properly verifying the length of that name. This issue may lead to a heap-based out-of-bounds write...
CVE-2020-36931
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931 Click2Magic 1.1.5 - Stored Cross-Site Scripting
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931
Click2Magic 1.1.5 is affected by a stored cross-site scripting vulnerability in the chat name input. The condition allows attackers to inject scripts that can capture administrator cookies when the admin processes user requests. Reported CVSS details indicate Medium severity (CVSSv4 = 5.1; CVSSv3...
EUVD-2026-4632
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
PT-2026-4649
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2021-47893
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an...
CVE-2025-40679 HTML injection in Isshue from Bdtask
HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...
CVE-2025-40679
CVE-2025-40679 describes an HTML injection in Isshue by Bdtask resulting from insufficient validation of the product_name input in a POST to /category_product_search (or variant paths in connected records). Affected component is the Isshue module of Bdtask software; root cause is improper input v...
CVE-2021-28160
Wireless-N WiFi Repeater REV 1.0 28.08.06.1 suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page "Repeater Wizard" homepage section...