CVE-2020-37086

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

CVE-2020-37087 Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS is affected by a persistent XSS due to improper input validation in Create Folder and Move/Edit, exploitable via POST requests by manipulating oldPath, newPath, and path parameters. The issue enables arbitrary JavaScript execution in the mobile web context...

EUVD-2020-30990

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

Rubikon Easy Transfer 跨站脚本漏洞

Rubikon Easy Transfer is a file transfer application developed by Rubikon Corporation. Version 1.7 of Rubikon Easy Transfer contains a cross-site scripting vulnerability. This vulnerability stems from improper input validation of the oldPath, newPath, and path parameters during the creation of...

EUVD-2023-60536

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

CVE-2023-54343

CVE-2023-54343 affects the mobile web application QWE DL 2.0.1 . The issue is a persistent input validation vulnerability that allows remote attackers to inject malicious script through path parameter manipulation, enabling persistent cross-site scripting (XSS) attacks. Reported impact includes p...

CVE-2020-36988

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

CVE-2020-36988

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

PDW-File-Browser Cross-Site Script Vulnerability

PDW-File-Browser is a file browser developed by Michal Charemza. Version 1.3 of PDW-File-Browser has a cross-site scripting vulnerability. This vulnerability stems from file renaming and path parameters that allow storage- and reflection-type cross-site scripting, potentially enabling arbitrary...

CVE-2021-47849

CVE-2021-47849 affects Mini Mouse 9.3.0 via a local file inclusion/path traversal vulnerability in the device-info endpoint. The root cause is improper handling of file path parameters, enabling an attacker to enumerate sensitive system directories (e.g., /usr, /etc, /var) by manipulating the fil...

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input due to the improper validation of matrix parameters in URL paths in JAX-RS routing layer. An attacker can gain access to administrative or sensitive endpoints by crafting requests th...

CVE-2022-50807

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue...

CVE-2022-50807

...

CVE-2022-50807

This CVE entry is rejected/not used and does not represent an active vulnerability entry.

PT-2026-2364

Name of the Vulnerable Software and Affected Versions Concrete5 CMS version 9.1.3 Description Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract...

WordPress plugin Frontend File Manager Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...