
6714 matches found

OSV
added 2024/09/27 3:15 p.m. · 3 views

CVE-2024-46333

An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

CVSS 4.8 · AI score 5.7
Exploits: 0 · References: 1
Cvelist
added 2024/09/27 8:55 a.m. · 19 views

CVE-2024-41930

Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

EPSS 0.00237
Exploits: 0 · References: 1
CNNVD
added 2024/09/27 12:0 a.m. · 3 views

Advantech ADAM-5550 cross-site scripting vulnerability

Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from a cross-site scripting vulnerability that stems from the device failing to properly eliminate malicious code when parsing HTTP requests to generate page output. An attacker can...

CVSS 8.8 · AI score 6.2 · EPSS 0.00301
Exploits: 0 · References: 2
CNNVD
added 2024/09/27 12:0 a.m. · 3 views

kvf-admin cross-site scripting vulnerability

kvf-admin is a rapid development framework, scaffolding, backend management system and permission system. kvf-admin has a cross-site scripting vulnerability, which stems from the upfile parameter of /ueditor/upload?configPath=ueditor/config.json&action=uploadfile lacking effective filterin...

CVSS 5.4 · AI score 6.2 · EPSS 0.00356
Exploits: 1 · References: 6
Cvelist
added 2024/09/26 4:7 a.m. · 27 views

CVE-2024-45836

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...

EPSS 0.00237
Exploits: 0 · References: 1
RedHat Linux
added 2024/09/25 11:22 a.m. · 4 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 · AI score 7.1 · EPSS 0.41611
Exploits: 0 · References: 5
Positive Technologies
added 2024/09/25 12:0 a.m. · 4 views

PT-2024-31801 · Planex Communications · Planex Communications Network Cameras

Name of the Vulnerable Software and Affected Versions: PLANEX COMMUNICATIONS network cameras (affected versions not specified). Description: A cross-site scripting issue exists in the web management page of the network cameras. If a logged-in user accesses a specific file, an arbitrary script may be...

CVSS 6.1 · AI score 6.5 · EPSS 0.00237
Exploits: 0 · References: 7
CNNVD
added 2024/09/25 12:0 a.m. · 2 views

Ellevo security vulnerability

Ellevo is an enterprise process-oriented software from Ellevo. A cross-site scripting vulnerability exists in Ellevo version 6.2.0.38160, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web...

CVSS 6.1 · AI score 6.4 · EPSS 0.00347
Exploits: 1 · References: 3
Japan Vulnerability Notes
added 2024/09/24 6:26 a.m. · 4 views

Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Overview: Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery (CWE-352) - CVE-2024-45372; cross-site scripting vulnerability in the web management page (CWE-79) - CVE-2024-45836...

CVSS 7.1 · AI score 6.6 · EPSS 0.00237
Exploits: 0 · References: 6
Japan Vulnerability Notes
added 2024/09/24 12:0 a.m. · 15 views

JVN#81966868: Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery (CWE-352), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L, Base Score 7.1, CVE-2024-45372; cross-site scripting vulnerability in the web...

CVSS 6.5 · AI score 6.8 · EPSS 0.00237
Exploits: 0
CNNVD
added 2024/09/19 12:0 a.m. · 3 views

Dassault Systèmes 3DEXPERIENCE security vulnerability

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE. An attacker could exploit the vulnerability to execute arbitrary script code within a user's browser session...

CVSS 8.7 · AI score 7.4 · EPSS 0.00285
Exploits: 0 · References: 2
CNNVD
added 2024/09/19 12:0 a.m. · 2 views

Dassault Systèmes 3DEXPERIENCE security vulnerability

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE, which originated. An attacker could exploit the vulnerability to execute arbitrary script code within a user's browser session...

CVSS 8.7 · AI score 7.4 · EPSS 0.00361
Exploits: 0 · References: 2
CNNVD
added 2024/09/18 12:0 a.m. · 4 views

WordPress plugin Welcart e-Commerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 6.1 · AI score 8.4 · EPSS 0.00235
Exploits: 0 · References: 3
OSV
added 2024/09/14 9:15 a.m. · 1 views

CVE-2023-3410

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...

CVSS 5.4 · AI score 5.9 · EPSS 0.00291
Exploits: 0 · References: 3
CNNVD
added 2024/09/14 12:0 a.m. · 4 views

Red Hat Ansible log information disclosure vulnerability

Red Hat Ansible is a computer system configuration manager from Red Hat USA. The product can be used to distribute, manage, and orchestrate computer systems. Red Hat Ansible suffers from a log information disclosure vulnerability that originates when sensitive information stored in an Ansible Vau...

CVSS 5.5 · AI score 6.3 · EPSS 0.00268
Exploits: 0 · References: 4
Tenable Nessus
added 2024/09/12 12:0 a.m. · 45 views

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2024-2417)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services,...

CVSS 9.8 · AI score 8.2 · EPSS 0.99957
Exploits: 2 · References: 8
OpenVAS
added 2024/09/12 12:0 a.m. · 31 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2368)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 8.4 · EPSS 0.99957
Exploits: 2 · References: 4
RedHat Linux
added 2024/09/11 11:26 a.m. · 6 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 · AI score 7.1 · EPSS 0.41611
Exploits: 0 · References: 5
RedHat Linux
added 2024/09/11 11:18 a.m. · 2 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 · AI score 7.1 · EPSS 0.41611
Exploits: 0 · References: 5
CNNVD
added 2024/09/11 12:0 a.m. · 3 views

Perfex CRM security vulnerability

Perfex CRM is a customer relationship management software from Perfex CRM open source, used to manage customers and projects and to create invoices in the cloud. A security vulnerability exists in Perfex CRM v1.1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by...

CVSS 5.4 · AI score 6.7 · EPSS 0.00375
Exploits: 1 · References: 3