CVE-2021-34359
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
CVE-2021-34361
CVE-2021-34361 is an XSS flaw in QNAP QTS Proxy Server. The vulnerability allows a remote attacker to inject HTML/script via crafted input in the Proxy Server component (affected by user-supplied data handling). According to the sources, the issue was fixed in QTS 4.5.x with Proxy Server 1.4.2 (2...
Broadcom Symantec Layer7 API Management OAuth Toolkit Cross-Site Scripting Vulnerability
Broadcom Symantec Layer7 API Management OAuth Toolkit is a Layer7 API Management Community Blog from Broadcom, Inc. The Broadcom Symantec Layer7 API Management OAuth Toolkit suffers from a cross-site scripting vulnerability that could be exploited by a remote attacker to create a malicious URL fo...
CVE-2022-22142
CVE-2022-22142 describes a reflected XSS in the checkbox handling of php_mailform prior to version 1.40. The root cause is insufficient cleaning of user-supplied data in checkboxes, allowing a remote, unauthenticated attacker to inject arbitrary script via crafted requests (unspecified vectors). ...
A vulnerability in the firmware of the Moxa EN50155 TN-5900 series routers, caused by missing input sanitization in the management interface, allows attackers to inject malicious code.
A vulnerability in the firmware of the Moxa EN50155 TN-5900 series routers is caused by missing input sanitization in the management interface. Exploiting this vulnerability can allow a malicious actor to inject malicious code remotely...
GHSA-4RMR-C2JX-VX27 Mustache remote code injection vulnerability
In Mustache.php v2.0.0 through v2.14.0, the Sections tag can lead to arbitrary PHP code execution, even if strictcallables is true, when the section value is attacker-controllable...
Mustache remote code injection vulnerability
In Mustache.php v2.0.0 through v2.14.0, the Sections tag can lead to arbitrary PHP code execution, even if strictcallables is true, when the section value is attacker-controllable...
VulnCheck KEV: CVE-2019-7193
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system...
VulnCheck KEV: CVE-2018-19943
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code...
VulnCheck KEV: CVE-2018-19953
A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code...
uDoctorAppointment v2.1.1 - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting XSS Document Title: =============== uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities Product & Service Introduction: =============================== Clinic management, doctor or therapist online medical appointment...
VulnCheck KEV: CVE-2020-11978
A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...
CVE-2021-38677
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later...
CVE-2021-38674
CVE-2021-38674 is an XSS vulnerability affecting QTS, QuTS hero, and QuTScloud. Publicly documented vulnerable components include the QTS/QTS hero/QuTScloud web interfaces, with remote attacker exploitation enabling injection of malicious code. The NVD/NVD-derived entries list fixes in QTS 4.5.4....
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Summary: The version of Log4j used by PowerNukkit for logging is subject to a remote code execution vulnerability via the LDAP JNDI parser. It is well detailed at CVE-2021-44228 and CVE-2021-45105 (https://github.com/advisories/GHSA-p6xc-xr62-6r2g). Impact: Malicious client code coul...
CVE-2021-44584
Cross-site scripting (XSS) vulnerability in index.php in emlog version = pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2021-38680
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and la...
CVE-2021-43438
Stored XSS in the signup form of iResturant 1.0 allows a remote attacker to inject arbitrary code via the NAME and ADDRESS fields...
RubyGems: Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs
Dependency repository hijacking, aka repo jacking, is an obscure supply chain vulnerability, conceptually similar to subdomain takeover. When the owner of a linked repository changes their username, the old username immediately becomes available for anyone to re-register. This means that any project that linked...
MTN Group: Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228
The website https://mymtn.mtncongo.net was vulnerable to remote code injection due to the CVE-2021-44228 vulnerability in the Log4j library. This critical vulnerability allowed for remote command execution...