715 matches found
CVE-2025-69612
A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...
TMS Management Console security vulnerabilities
TMS Management Console is a management console software developed by the American company TMS. Version 6.3.7.27386.20250818 of TMS Management Console contains a security vulnerability. This vulnerability stems from the Download Template function in the profile dashboard, which does not properly...
MedDream PACS Premium encapsulatedDoc arbitrary file read vulnerability
Talos Vulnerability Report TALOS-2025-2273 MedDream PACS Premium encapsulatedDoc arbitrary file read vulnerability January 20, 2026 CVE Number CVE-2025-53912 SUMMARY An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially...
D-Link DI-8200G Command Injection Vulnerability
The D-Link DI-8200G is an enterprise router from China-based AUO D-Link. The D-Link DI-8200G suffers from a command injection vulnerability due to manipulation of a path parameter in an unknown function in the /upgradefilter.asp file. An attacker could exploit this vulnerability to execute...
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2022-50891
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
EUVD-2026-2428
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-71165
Summary: Typesetter CMS
GHSA-R7VR-WG3F-8HR9 Concrete5 CMS contains an XPath injection vulnerability
Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...
PT-2026-2945
Name of the Vulnerable Software and Affected Versions Typesetter CMS versions up to and including 5.1 Description Typesetter CMS versions up to and including 5.1 have a reflected cross-site scripting XSS issue in the administrative interface within the Tools Status functionality. The path paramet...
Typesetter CMS 跨站脚本漏洞
Typesetter CMS is an open source content management system from Typesetter. A cross-site scripting vulnerability exists in Typesetter CMS 5.1 and earlier versions , the vulnerability stems from insufficient cleanup and escaping of the path parameter , which could lead to reflective cross-site...
Typesetter CMS 跨站脚本漏洞
Typesetter CMS is an open source content management system from Typesetter. A cross-site scripting vulnerability exists in Typesetter CMS 5.1 and earlier versions , the vulnerability stems from insufficient cleanup and escaping of the path parameter , which could lead to reflective cross-site...
CVE-2022-50891
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...