8 matches found
CVE-2026-15186
The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...
CVE-2026-15186 macrozheng mall Portal Endpoint create resource injection
A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...
EUVD-2026-42585
A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...
CVE-2026-24890
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting...
PT-2025-48088
Name of the Vulnerable Software and Affected Versions Ruckus Unleashed version 200.13.6.1.319 Description A reflected Cross Site Scripting XSS issue exists in Ruckus Unleashed. The issue is located in the captive-portal endpoint ''selfguestpass/guestAccessSubmit.jsp'' and is triggered through...
CommScope Ruckus Unleashed 安全漏洞
CommScope Ruckus Unleashed is a wireless router from CommScope USA. A security vulnerability exists in CommScope Ruckus Unleashed version 200.13.6.1.319, which stems from improper handling of the parameter name in the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp, which could lead t...
CVE-2025-63735
Vulnerability : CVE-2025-63735 describes a reflected XSS in Ruckus Unleashed v200.13.6.1.319. The issue is triggered via the query parameter named name on the captive-portal endpoint at /selfguestpass/guestAccessSubmit.jsp , with the application reflecting unsanitized input back to the page. Impa...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which originates from cross-site scripting due to incorrect manipulation of parameters in the file /xportalassembledesigner/jaxrs/page...