14 matches found

CVE
added 2025/12/17 12:0 a.m. | 15 views

CVE-2025-67073

The CVE-2025-67073 entry describes a buffer overflow in the httpd binary of Tenda AC10V4.0 (v16.03.10.20) in the function fromAdvSetMacMtuWan. A crafted POST payload targeting the field serviceName to /goform/AdvSetMacMtuWan can cause a denial of service and potentially code execution. Public sou...

9.8 CVSS | 7.6 AI score | 0.00595 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-20877

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00662 EPSS
Exploits: 1 | References: 2
OSV
added 2022/08/05 4:15 p.m. | 4 views

CVE-2021-46678

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the service name field...

6.1 CVSS | 5.8 AI score | 0.00314 EPSS
Exploits: 0 | References: 2
Prion
added 2022/08/05 4:15 p.m. | 14 views

Cross site scripting

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the service name field...

5.8 CVSS | 6 AI score | 0.00314 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2022/08/05 3:26 p.m. | 6 views

CVE-2021-46678 Vulnerability XSS in service form name field

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the service name field...

4 CVSS | 6.5 AI score | 0.00314 EPSS
Exploits: 0 | References: 2
CNNVD
added 2022/08/05 12:0 a.m. | 4 views

Artica Pandora FMS cross-site scripting vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...

6.1 CVSS | 6.2 AI score | 0.00314 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2022/02/21 11:0 a.m. | 5 views

CVE-2021-46678

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the service name field...

6.1 CVSS | 6.4 AI score | 0.00314 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2021/08/20 5:15 p.m. | 6 views

CVE-2021-34228

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

6.1 CVSS | 6.6 AI score | 0.29161 EPSS
Exploits: 1 | References: 1
OSV
added 2021/08/20 5:15 p.m. | 4 views

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

6.1 CVSS | 6 AI score | 0.00662 EPSS
Exploits: 1 | References: 1
Prion
added 2021/08/20 5:15 p.m. | 19 views

Cross site scripting

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

4.3 CVSS | 6.4 AI score | 0.29161 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/08/20 4:44 p.m. | 22 views

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

6.6 AI score | 0.00662 EPSS
Exploits: 1 | References: 1
CNNVD
added 2021/08/20 12:0 a.m. | 4 views

TotoLink A3002RU cross-site scripting vulnerability

TOTOLINK A3002RU is an AC1200 wireless dual-band gigabit router. tcpipwan.htm in TOTOLINK A3002R version 1.1.1-B20200824 is vulnerable to cross-site scripting. The vulnerability can be exploited to execute arbitrary JavaScript by modifying the "service name" field...

6.1 CVSS | 5 AI score | 0.00662 EPSS
Exploits: 1 | References: 2
CNNVD
added 2021/08/20 12:0 a.m. | 3 views

TotoLink A3002RU cross-site scripting vulnerability

A cross-site scripting vulnerability exists in TOTOLINK A3002RU, a wireless router product from Taiwan-based TOTOLINK, which stems from the lack of validation of client-side data for the product's ability to modify the Description and Service Name fields. An attacker could execute client-side cod...

6.1 CVSS | 5.4 AI score | 0.29161 EPSS
Exploits: 1 | References: 2
OSV
added 2017/07/11 9:29 p.m. | 2 views

CVE-2017-8495

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with...

7.5 CVSS | 7.3 AI score | 0.04621 EPSS
Exploits: 0 | References: 4