5655 matches found
CVE-2021-29045
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2020-36624
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...
CVE-2020-35125
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn, a different attack method than CVE-2020-35124, but also related to the Referer concept...
CVE-2020-9550
Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely...
CVE-2020-7983
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks...
CVE-2020-5544
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet...
CVE-2020-23631
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter...
CVE-2020-19858
Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. A remote attacker could compromise a victim's privacy by sending the URL http://ip:port/../privacy.avi...
CVE-2020-16260
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation...
CVE-2020-5612
Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL...
CVE-2014-3923
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) previewskinrouge.swf, (3) previewallchars.swf, or (4) previewskinoverlay.swf...
CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter...
CVE-2018-1000219
OpenEMR version v5014 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter in line 41 of interface/fax/faxview.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable via...
CVE-2018-20391
TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...
CVE-2010-2273
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to...
CVE-2012-6521
Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions...
CVE-2012-4142
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document...
CVE-2012-0404
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-7335
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2013-3673
The gifdecodeframe function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data...