50 matches found
CVE-2026-29510
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
CVE-2026-29513
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...
CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
CVE-2026-29510
CVE-2026-29510 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. The vulnerability is a stored XSS in the Device Name field via the System Status interface, where unsanitized input can be injected and executed in users’ browsers viewing the status page. Root cause: input not properly saniti...
CVE-2026-29513 Hereta ETH-IMC408M Stored XSS via Device Location
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...
CVE-2026-29513
CVE-2026-29513 describes a stored XSS in Hereta ETH-IMC408M firmware ≤1.0.15. An authenticated attacker can inject JavaScript through the Device Location field via the System Status interface, with scripts executing in browsers of users viewing the status page. The CVSS 4.0 metrics indicate Netwo...
PT-2026-25782
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...
PT-2026-25781
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
EUVD-1999-0613
Malware in sbrugna...
EUVD-2018-17497
Malware in sbrugna...
EUVD-2018-6001
Malware in sbrugna...
EUVD-2001-0393
Malware in sbrugna...
EUVD-2023-40432
Malicious code in bioql PyPI...
📄 ISPConfig 3.3.0 Cross Site Scripting
ISPConfig version 3.3.0 suffers from a cross site scripting vulnerability in the system status webpage. CVE-2025-52206 Reflected Cross Site Scripting XSS Suggested description ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...
CVE-2018-5728
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details...
Bohua NetDragon Firewall 注入漏洞
Bohua NetDragon Firewall is a firewall from Bohua. An injection vulnerability exists in Bohua NetDragon Firewall version 1.0, which stems from improper handling of the parameter subnet in the file /systemstatus/ipstatus.php, which could lead to command injection...
CVE-2025-4491
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticketid leads to sql injection. The attack can be initiated remotely. The exploit has be...
CVE-2023-36483
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...
CVE-2023-36483 MAS (a Carrier brand) MASmobile Classic Authorization Bypass
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...