1460 matches found
Wildfly Cross-Site Scripting Vulnerability
Wildfly is a powerful, modular and lightweight application server from Wildfly. A cross-site scripting vulnerability exists in Wildfly that stems from improper neutralization of input in the HAL Console component, which results in that input being output as a web page and served to other users...
CVE-2025-22569
The CVE-2025-22569 entry concerns a Reflected Cross-Site Scripting (XSS) in the Featured Page Widget for WordPress (plugin). The description indicates improper neutralization of input during web page generation, enabling a reflected XSS vulnerability. Affected scope is listed as Featured Page Wid...
PhpSpreadsheet Security Vulnerability
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A security vulnerability exists in PhpSpreadsheet that stems from vulnerability to unauthorized reflection-based cross-site scripting attacks...
LinkAce Security Vulnerability
LinkAce is a self-hosted archive of links to your favorite websites, from individual developer Kevin Woblick. A security vulnerability exists in LinkAce versions prior to 1.15.6 that stems from user input that is not properly cleaned or encoded before being reflected in an HTML response. An attacker...
Misskey Security Vulnerability
Misskey is a permanently free open source federated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 2024.10.1 and earlier, which stems from an undetected proxy loop that allows a remote participant to perform a self-propagating...
PT-2024-36128 · Unknown · Jules Colle Advanced Options Editor
Name of the Vulnerable Software and Affected Versions: Jules Colle Advanced Options Editor versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This problem ca...
DEBIAN-CVE-2024-54001
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields applicationlanguage, applicationdateformat, applicationtimezone and applicationtimeformat allow arbitrary user input which is reflected...
PT-2024-35000 · Elementor · Ultimate Flipbox Addon For Elementor
Name of the Vulnerable Software and Affected Versions: Ultimate Flipbox Addon for Elementor versions 1.0.3 and earlier Description: The issue affects the Ultimate Flipbox Addon for Elementor, allowing Stored XSS due to improper neutralization of input during web page generation. This is a critica...
PT-2024-38049 · Genetec · Genetec Security Center
Name of the Vulnerable Software and Affected Versions: Genetec Security Center versions prior to 5.12.2.1 Description: A high-severity issue was found in the Genetec Security Center product line, allowing for arbitrary code execution on the system hosting the Web SDK role. This issue is related t...
SUSE CVE-2024-47067
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:linkname takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up ...
Fortinet Fortigate TCP Middlebox Reflection (FG-IR-22-073)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-073 advisory. - An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.21...
Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not properly restrict a user-supplied argument...
CVE-2024-5749
Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials...
CVE-2024-5749 Certain HP DesignJet products – Credential reflection
Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials...
CVE-2024-5749
The CVE-2024-5749 entry concerns HP DesignJet printer firmware vulnerable to a credential reflection issue in the SMTP Server Credential Handler. The root cause is a lack of authentication for a function that can reveal SMTP server credentials, potentially enabling a remote attacker to view sensi...
HP DesignJet Security Vulnerability
HP DesignJet is a series of large format printers from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP DesignJet that stems from vulnerability to credential reflection, which allows viewing of SMTP server credentials...