
28 matches found

Packet Storm
added 2026/02/23 12:0 a.m. · 153 views

📄 Tactical RMM 1.3.1 Jinja2 Server-Side Template Injection

This Metasploit module targets a server-side template injection vulnerability in Tactical RMM's template preview endpoint. The implementation is clearly marked as experimental and manually ranked due to the inherently unstable exploitation technique it relies on. The module attempts to achieve...

5.8 AI score
Exploits 0
RedhatCVE
added 2026/01/09 10:58 a.m. · 3 views

CVE-2025-61550

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without prope...

5.4 CVSS · 5.7 AI score · 0.00052 EPSS
Exploits 2 · References 1
OSV
added 2026/01/08 5:15 p.m. · 0 views

CVE-2025-61550

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without prope...

5.4 CVSS · 5.9 AI score · 0.00052 EPSS
Exploits 2 · References 1
NVD
added 2026/01/08 5:15 p.m. · 2 views

CVE-2025-61550

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without prope...

5.4 CVSS · 0.00052 EPSS
Exploits 2 · References 1
Cvelist
added 2026/01/08 12:0 a.m. · 19 views

CVE-2025-61550

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without prope...

0.00052 EPSS
Exploits 2 · References 1
Positive Technologies
added 2026/01/08 12:0 a.m. · 3 views

PT-2026-1831

Name of the Vulnerable Software and Affected Versions: edu Business Solutions Print Shop Pro WebDesk version 18.34. Description: A Cross-Site Scripting (XSS) issue exists due to improper output encoding or sanitization of user-supplied input. Specifically, the issue is present on the ctl00 Content01...

5.4 CVSS · 5.8 AI score · 0.00052 EPSS
Exploits 2 · References 3
CVE
added 2026/01/08 12:0 a.m. · 4 views

CVE-2025-61550

CVE-2025-61550 affects edu Business Solutions Print Shop Pro WebDesk 18.34. The stored XSS occurs in ctl00_Content01_fieldValue parameters via /psp/appNet/TemplateOrder/TemplatePreview.aspx, where user input is stored and later rendered in HTML without proper output encoding or sanitization. This...

5.4 CVSS · 5.7 AI score · 0.00052 EPSS
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2026/01/08 12:0 a.m. · 2 views

CVE-2025-61550

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without prope...

5.7 AI score · 0.00052 EPSS
Exploits 2 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-2513

Malicious code in bioql PyPI...

5.4 CVSS · 5.6 AI score · 0.00148 EPSS
Exploits 0 · References 5
OSV
added 2025/09/09 8:42 p.m. · 2 views

GHSA-RF24-WG77-GQ7W listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover

Summary: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

8.6 CVSS · 6.3 AI score · 0.00027 EPSS
Exploits 1 · References 3
NVD
added 2025/03/26 4:15 p.m. · 10 views

CVE-2025-27406

Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act...

7.6 CVSS · 0.00073 EPSS
Exploits 0 · References 2
Debian CVE
added 2025/03/26 3:49 p.m. · 4 views

CVE-2025-27406

Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act...

7.6 CVSS · 5.6 AI score · 0.00073 EPSS
Exploits 0
CVE
added 2024/07/15 12:0 a.m. · 38 views

CVE-2024-31946

CVE-2024-31946 affects Stormshield Network Security (SNS). A user with write access to the SNS email alerts page can craft an alert email containing malicious JavaScript that is executed in the template preview. Affected versions include 3.7.0–3.7.41, 3.10.0–3.11.29, 4.0–4.3.24, and 4.4.0–4.7.4. ...

4.2 CVSS · 6.9 AI score · 0.0006 EPSS
Exploits 0 · References 1
CNNVD
added 2024/07/15 12:0 a.m. · 1 views

Stormshield Network Security Security Vulnerabilities

Stormshield Network Security (SNS) is a next-generation UTM (Unified Threat Management) firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security (SNS) that stems from the ability of a user with write access on an email alert page to run malicious cod...

4.2 CVSS · 6.9 AI score · 0.0006 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/07/15 12:0 a.m. · 1 views

PT-2024-24310 · Stormshield · Stormshield Network Security

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security (SNS) versions 3.7.0 through 3.7.41; Stormshield Network Security (SNS) versions 3.10.0 through 3.11.29; Stormshield Network Security (SNS) versions 4.0 through 4.3.24; Stormshield Network Security (SNS) versions 4.4.0 throu...

4.2 CVSS · 7.2 AI score · 0.0006 EPSS
Exploits 0 · References 4
OSV
added 2023/06/01 7:15 a.m. · 18 views

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 4
Prion
added 2023/06/01 7:15 a.m. · 11 views

Cross site scripting

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

5.8 CVSS · 6.1 AI score · 0.00346 EPSS
Exploits 0 · References 4 · Affected Software 1
CVE
added 2023/06/01 7:0 a.m. · 34 views

CVE-2018-25086

The CVE-2018-25086 issue affects sea75300 FanPress CM versions up to 3.6.3, specifically the Template Preview component and its getArticlesPreview function in inc/controller/action/system/templatepreview.php, which allows cross-site scripting. The vulnerability can be triggered remotely and is ad...

6.1 CVSS · 4.8 AI score · 0.00346 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/06/01 7:0 a.m. · 13 views

CVE-2018-25086 sea75300 FanPress CM Template Preview templatepreview.php getArticlesPreview cross site scripting

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

4 CVSS · 6 AI score · 0.00346 EPSS
Exploits 0 · References 4
CNNVD
added 2023/06/01 12:0 a.m. · 1 views

FanPress CM Cross-Site Scripting Vulnerability

FanPress CM is a lightweight but powerful content management system from the individual developer Stefan Seehafer. A cross-site scripting vulnerability exists in FanPress CM 3.6.3 and earlier versions, which stems from a problem with the component Template Preview and can be exploited by an...

6.1 CVSS · 4.7 AI score · 0.00346 EPSS
Exploits 0 · References 5