7797 matches found
PT-2026-20813
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute...
CVE-2019-25399
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute...
LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the name parameter in the HTTP POST request to /device-groups. An attacker with admin...
GHSA-5PQF-54QP-32WX LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
LibreNMS /device-groups name Stored Cross-Site Scripting
Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...
CVE-2019-25401 Bematech Printer MP-4200 TH Denial of Service
Bematech formerly Logic Controls, now Elgin MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service...
CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi
IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : AIOHTTP vulnerabilities (USN-8032-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8032-1 advisory. Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteBranchPost function. A repository collaborator with Write permission can delete protected branches or the default branch by sending POST requests directly to the web interface, bypassing branch...
Gogs has a Protected Branch Deletion Bypass in Web Interface
Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...
PT-2026-20322
Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, an open-source self-hosted Git service, contains an access control bypass issue. Repository collaborators with Write permissions can delete protected branches, including the default branch, by...
CVE-2019-25393
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi endpoint with script...
CVE-2019-25394
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...
CVE-2019-25388
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...
CVE-2019-25388
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...
CVE-2019-25392
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...
CVE-2019-25386
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...
CVE-2019-25387
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DESTPORT, or...
CVE-2019-25381
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payload...