780 matches found
CVE-2018-16061
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php...
CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack via the PATH_INFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...
CVE-2020-26135
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO...
Cross site scripting
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO...
CVE-2020-26135
CVE-2020-26135 affects Live Helper Chat prior to version 3.44 and allows a reflected XSS via the setsettingajax PATH_INFO. The available connected docs confirm the vulnerability description but do not provide details on affected exact versions beyond “before 3.44v,” nor do they specify concrete e...
Cross-Site Scripting (XSS)
kumbia/framework is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the PATH_INFO in the public/pages/kumbia module...
CVE-2020-14146
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO...
Design/Logic Flaw
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO...
CVE-2020-14146
CVE-2020-14146 affects KumbiaPHP (1.1.1 and earlier) in Development mode, enabling Cross‑Site Scripting via public/pages/kumbia PATH_INFO. The root cause is improper handling of PATH_INFO that allows injection/execution of arbitrary JavaScript in a victim’s browser. Several sources (NVD entry, Re...
CVE-2020-12679
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php...
Exploit for Out-of-bounds Write in Php
PoC CVE-2019-11043 A Python implementation of the CVE-2019-110...
CVE-2020-11944
Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception...
Cross site scripting
Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception...
CVE-2019-20516
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI...
CVE-2019-20514
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI...