7797 matches found
CVE-2019-25415
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspotpermanentusers endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
CVE-2019-25407
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUPRCPT...
CVE-2019-25430
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpnusers endpoint with script payloads in the usernam...
CVE-2019-25415 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via hotspot_permanent_users
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspotpermanentusers endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...
CVE-2019-25415
Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the hotspot_permanent_users endpoint. An attacker can submit unsanitized input via MACADDRESSES in a POST to inject JavaScript that runs in users’ browsers. CVSS metrics: CVSSv3.1 base 6.1 (NETWORK, LOW complexity, NONE privileges, USER...
CVE-2019-25415 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via hotspot_permanent_users
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspotpermanentusers endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...
CVE-2019-25412
CVE-2019-25412 concerns Comodo Dome Firewall 2.7.0, which contains a reflected cross-site scripting (XSS) vulnerability. The issue arises via the NTP_SERVER_LIST parameter in POST requests to the /korugan/time endpoint, allowing an attacker to submit unsanitized input that can execute arbitrary J...
CVE-2019-25407
CVE-2019-25407 concerns Comodo Dome Firewall 2.7.0, where a reflected cross-site scripting vulnerability exists in the backupschedule interface. The issue allows an attacker to submit crafted input via POST to the backupschedule endpoint (BACKUP_RCPTTO) to execute arbitrary JavaScript in end user...
CVE-2019-25407 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via backupschedule
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUPRCPT...
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text parameter in POST requests to /blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt. An attacker can...
CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735
CVE-2026-2735 describes a Stored XSS in Alkacon’s OpenCms v18.0. The vulnerability occurs when user input is not properly validated in a POST request to /blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt using the text parameter. According to the record, the impact is limited to the vulnerab...
CVE-2026-25232
Summary (concrete details from connected docs) : CVE-2026-25232 affects Gogs, including versions up to 0.13.4. Affected component: web interface DeleteBranchPost, which bypasses branch protection to delete protected branches (including default) by direct POST requests. Root cause: protection chec...
CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
PT-2026-20820
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protoco...
PT-2026-20833
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn users endpoint with script payloads in the userna...
PT-2026-20830
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the antispyware endpoint. Attackers can send POST requests with JavaScript payloads in the DNSMASQ WHITELIST or DNSMASQ BLACKLIST...