Lucene search
K

482 matches found

Vulnrichment
Vulnrichment
added 2026/02/18 8:59 p.m.4 views

CVE-2019-25397 IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4
CVE
CVE
added 2026/02/18 8:59 p.m.13 views

CVE-2019-25397

CVE-2019-25397 describes multiple reflected cross-site scripting vulnerabilities in hosts.cgi within IPFire 2.21 Core Update 127. Attackers can submit POST payloads in KEY1, IP, HOST, or DOM to execute arbitrary JavaScript in a user’s browser. Impact is reflected XSS with potential user interacti...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/18 8:59 p.m.25 views

CVE-2019-25396 IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...

6.1CVSS0.00242EPSS
Exploits1References4
CVE
CVE
added 2026/02/18 8:59 p.m.13 views

CVE-2019-25396

IPFire 2.21 Core Update 127 is vulnerable to a reflected XSS in updatexlrator.cgi. Attackers can submit crafted POST requests with scripts in MAX_DISK_USAGE or MAX_DOWNLOAD_RATE to execute arbitrary JavaScript in users’ browsers. CVSS metrics are provided (CVSS 4.0 base 5.1, CVSS 3.1 base 6.1); n...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/02/18 6:24 p.m.7 views

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

9.8CVSS0.00398EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.13 views

PT-2026-20534

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enablin...

8.8CVSS5.8AI score0.0015EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.9 views

PT-2026-20498

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX DISK USAGE or MAX DOWNLOAD RATE...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4
NVD
NVD
added 2026/02/16 6:19 p.m.6 views

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

7.2CVSS0.00223EPSS
Exploits1References3
NVD
NVD
added 2026/02/16 6:19 p.m.3 views

CVE-2019-25390

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREENADDRESS, GREENNETMASK, REDDHCPHOSTNAME, REDADDRESS, DNS1OVERRIDE...

6.1CVSS0.00199EPSS
Exploits1References3
OSV
OSV
added 2026/02/16 6:19 p.m.6 views

CVE-2019-25390

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREENADDRESS, GREENNETMASK, REDDHCPHOSTNAME, REDADDRESS, DNS1OVERRIDE...

6.1CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/02/16 6:19 p.m.4 views

CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...

6.1CVSS0.00225EPSS
Exploits1References3
OSV
OSV
added 2026/02/16 6:19 p.m.3 views

CVE-2019-25384

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRCPORTSEL,...

6.1CVSS5.9AI score0.00225EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/16 5:5 p.m.26 views

CVE-2019-25394 Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

7.2CVSS0.00223EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/16 5:5 p.m.3 views

CVE-2019-25394 Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

7.2CVSS5.6AI score0.00223EPSS
Exploits1References3
CVE
CVE
added 2026/02/16 5:5 p.m.13 views

CVE-2019-25394

CVE-2019-25394 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with stored cross-site scripting in the modem.cgi script. Malicious payloads injected via POST parameters (INIT, HANGUP, SPEAKER_ON, SPEAKER_OFF, TONE_DIAL, PULSE_DIAL) can lead to arbitrary JavaScript execution in users’ bro...

7.2CVSS5.6AI score0.00223EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/16 5:5 p.m.44 views

CVE-2019-25390

CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...

6.1CVSS5.6AI score0.00199EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/16 5:4 p.m.5 views

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/16 5:4 p.m.25 views

CVE-2019-25384 Smoothwall Express 3.1 'portfw.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRCPORTSEL,...

6.1CVSS0.00225EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/16 5:4 p.m.4 views

CVE-2019-25383 Smoothwall Express 3.1 'apcupsd.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameter...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/16 5:4 p.m.6 views

CVE-2019-25383

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameter...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder