CVE-2019-25419 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via schedule

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

PT-2025-49281

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

EUVD-2019-7439

Malware in sbrugna...

CVE-2024-6006

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launch...

ZKTeco ZKBioSecurity Code Injection Vulnerability

ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBioSecurity version 4.1.0, which stems from an incorrect operation of the parameter Schedule Name that can lead to cross-site scripting...

CVE-2021-38428

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code...

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

Weekly Schedule < 3.4.3 - Authenticated Stored XSS

The "Schedule Name" input in the plugin general options did not properly sanitize input, allowing a user to inject javascript code using the Go to Weekly Schedule - General Options /wp-admin/admin.php?page=weekly-schedule - Schedule Name - Fill the field with a payload such as alertxss...

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name...

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name...

Design/Logic Flaw

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name...

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name...

CVE-2019-16961

CVE-2019-16961 affects SolarWinds Web Help Desk 12.7.0 and is a cross-site scripting (XSS) vulnerability exploitable via a Schedule Name. The connected Red Hat/CNVD/NVD entries corroborate the same issue. The NVD metrics list a CVSS v3.1 base score of 5.4 (MEDIUM) with network attack vector, low ...