6661 matches found
CVE-2019-25409
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...
PT-2026-20823
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or snat to ip parameters to execute arbitrar...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability...
PT-2026-20818
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot permanent users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...
PT-2026-20899
Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions before 22.4 have a stored cross-site scripting issue in the Local Domains settings page. A logged-in user can inject HTML or JavaScript code into the...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability...
Malicious code in telebot-infee (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 660cdc2470d38cf51f0a232119dd9765cba56eb66412f12d3c09b40dd7bd8530 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
MAL-2026-935 Malicious code in telebot-infoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a00053312897920b40040788f68a209b63c061000ec349ab3e705675bada499 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
CVE-2026-1437
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1437
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
Joomla! CMS vulnerable to cross-site scripting
Overview Joomla! CMS provided by Joomla! Project contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-63082 Sho Sugiyama of SUZUKI MOTOR CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
CVE-2019-25394
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...
CVE-2019-25390
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREENADDRESS, GREENNETMASK, REDDHCPHOSTNAME, REDADDRESS, DNS1OVERRIDE...
CVE-2019-25392
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability in the iptools.cgi endpoint. Attackers can exploit by sending POST requests with malicious payloads in the IP parameter, enabling unauthorized execution of JavaScript in victims’ browsers. The ...
CVE-2019-25389 Smoothwall Express 3.1 'timedaccess.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES parameter. Attackers can craft requests to the timedaccess.cgi endpoint with script payloads in the...
CVE-2026-2101 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19
A Reflected Cross-site Scripting XSS vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-59904 Stored Cross-Site Scripting vulnerability in Kubysoft
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource...
CVE-2025-59904
The CVE-2025-59904 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, triggered by multiple parameters in the /kForms/app endpoint. The issue allows malicious scripts to be injected and executed in the context of users accessing the affected resource, indicating a clie...
CVE-2025-59904
Stored Cross-Site Scripting XSS vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource...
CVE-2025-59905 Reflected Cross-Site Scripting (XSS) in Kubysoft
Cross-Site Scripting XSS vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the...