
50 matches found

NVD
added 2026/03/16 6:16 p.m., 5 views

CVE-2026-29510

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4 CVSS, 0.00138 EPSS
Exploits: 0, References: 2
NVD
added 2026/03/16 6:16 p.m., 6 views

CVE-2026-29513

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...

5.4 CVSS, 0.00138 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/03/16 4:56 p.m., 4 views

CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/03/16 4:56 p.m., 22 views

CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4 CVSS, 0.00138 EPSS
Exploits: 0, References: 2
CVE
added 2026/03/16 4:56 p.m., 20 views

CVE-2026-29510

CVE-2026-29510 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. The vulnerability is a stored XSS in the Device Name field via the System Status interface, where unsanitized input can be injected and executed in users’ browsers viewing the status page. Root cause: input not properly saniti...

5.4 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/03/16 4:56 p.m., 2 views

CVE-2026-29513 Hereta ETH-IMC408M Stored XSS via Device Location

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...

5.4 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 2
CVE
added 2026/03/16 4:56 p.m., 15 views

CVE-2026-29513

CVE-2026-29513 describes a stored XSS in Hereta ETH-IMC408M firmware ≤1.0.15. An authenticated attacker can inject JavaScript through the Device Location field via the System Status interface, with scripts executing in browsers of users viewing the status page. The CVSS 4.0 metrics indicate Netwo...

5.4 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/03/16 12:0 a.m., 8 views

PT-2026-25782

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...

5.1 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/16 12:0 a.m., 12 views

PT-2026-25781

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.1 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-1999-0613

Malware in sbrugna...

10 CVSS, 6.3 AI score, 0.01855 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-17497

Malware in sbrugna...

5.3 CVSS, 5.5 AI score, 0.01328 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-6001

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.01391 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2001-0393

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.0208 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-40432

Malicious code in bioql PyPI...

6.5 CVSS, 6.6 AI score, 0.00495 EPSS
Exploits: 0, References: 1
Packet Storm
added 2025/07/29 12:0 a.m., 121 views

ISPConfig 3.3.0 Cross Site Scripting

ISPConfig version 3.3.0 suffers from a cross site scripting vulnerability in the system status webpage. CVE-2025-52206 Reflected Cross Site Scripting XSS Suggested description ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

6.5 AI score, 0.00221 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 6:49 a.m., 9 views

CVE-2018-5728

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details...

5.3 CVSS, 6.7 AI score, 0.01328 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/05/16 12:0 a.m., 2 views

Bohua NetDragon Firewall Injection Vulnerability

Bohua NetDragon Firewall is a firewall from Bohua. An injection vulnerability exists in Bohua NetDragon Firewall version 1.0, which stems from improper handling of the parameter subnet in the file /systemstatus/ipstatus.php, which could lead to command injection...

6.5 CVSS, 6.8 AI score, 0.01172 EPSS
Exploits: 0, References: 5
OSV
added 2025/05/09 9:15 p.m., 3 views

CVE-2025-4491

A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticketid leads to sql injection. The attack can be initiated remotely. The exploit has be...

9.8 CVSS, 5.8 AI score, 0.00547 EPSS
Exploits: 1, References: 5
NVD
added 2024/03/16 5:15 a.m., 14 views

CVE-2023-36483

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...

6.5 CVSS, 6.3 AI score, 0.00495 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/03/16 12:0 a.m., 15 views

CVE-2023-36483 MAS (a Carrier brand) MASmobile Classic Authorization Bypass

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...

6.5 CVSS, 6.8 AI score, 0.00495 EPSS
Exploits: 0, References: 1