BigBlueButton Cross-Site Scripting Vulnerability
BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to sanitize user input in public chat areas during recording and...
WWBN AVideo Cross-Site Scripting Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain cross-site scripting vulnerabilities. This vulnerability arises from the lack of HTML sanitization of user input in objects/notifySubscribers.json.php, which...
Progress LoadMaster Security Vulnerability
Progress LoadMaster is a high-performance application delivery controller (ADC) and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from unsanitized input for the killsession command. This vulnerability could allow...
Lychee Cross-Site Scripting Vulnerability
Lychee is an easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.3 had a cross-site scripting vulnerability; this vulnerability occurred due to the lack of HTML sanitization when storing pho...
Stabilizer Security Vulnerability
Stabilizer is a performance evaluation tool developed by Charlie Curtsinger. Stabilizer has a security vulnerability, which stems from passing unsanitized user input directly to os.system, potentially allowing remote attackers to execute arbitrary system commands...
Binardat 10G08-0800GSM Cross-Site Scripting Vulnerability
Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have a cross-site scripting vulnerability. This vulnerability stems from unsanitized user input reflected in the web interface, which...
Progress LoadMaster Security Vulnerability
Progress LoadMaster is a high-performance application delivery controller (ADC) and load balancer from Progress, Inc. A security vulnerability exists in Progress LoadMaster that stems from an unsanitized API input parameter, which could lead to the execution of arbitrary commands by an authenticated...
WordPress Plugin WP Go Maps Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
Webkul Software Bagisto Security Vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto version 2.3.7, which stems from the server-side template engine processing unsanitized user input, and could lead to server-side template injection...
Bottinelli Informatical Vedo Suite Security Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A security vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17 that stems from an unsanitized filegetcontents function call that could le...
AVTECH IP camera, AVTECH DVR and AVTECH NVR Security Vulnerability
AVTECH IP camera and others are products of AVTECH Corporation, USA. AVTECH IP camera is a series of network security cameras. AVTECH DVR is a digital video recording host. AVTECH NVR is a network video recorder. A security vulnerability exists in AVTECH IP camera, AVTECH DVR and AVTECH NVR that ste...
AVTECH IP camera, AVTECH DVR and AVTECH NVR Security Vulnerability
AVTECH IP camera and others are products of AVTECH Corporation, USA. AVTECH IP camera is a series of network security cameras. AVTECH DVR is a digital video recording host. AVTECH NVR is a network video recorder. A security vulnerability exists in AVTECH IP camera, AVTECH DVR, and AVTECH NVR, which...
Git MCP Server Command Injection Vulnerability
Git MCP Server is an MCP server from individual developer Casey Hand. A command injection vulnerability exists in Git MCP Server versions prior to 2.1.5, which stems from a failure to sanitize input parameters, resulting in command injection that could lead to remote code execution...
miniTCG Security Vulnerability
miniTCG is an automated collectible card game by the individual developer Carina aka Neko Cari. A security vulnerability exists in miniTCG v1.3.1 beta, which stems from unsanitized input and could lead to a cross-site scripting attack...
VMware Spring Framework Security Vulnerability
VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework versions 6.0.5 through 6.2.7, which stems from unsanitized user input in...
MegaBIP SQL Injection Vulnerability
MegaBIP is software for creating BIP websites from MegaBIP Inc. A SQL injection vulnerability exists in versions prior to MegaBIP 5.20 that stems from unsanitized user input and could lead to a SQL injection attack...
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email and chat room features. Discourse suffers from a security vulnerability that stems from unsanitized and unstored user input being injected into the HTML of posts...
WordPress Plugin Animated Counters Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
jsoup Cross-Site Scripting Vulnerability
GitHub jsoup is a Java library for working with real-world HTML. A security vulnerability exists in versions of jsoup prior to 1.15.3, which stems from the possibility that unsanitized input may be retained...
AbanteCart 1.2.7 Cross Site Scripting
Exploit Title: AbanteCart 1.2.7 Stored XSS Date: 06-12-2016 Software Link: http://www.abantecart.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description By default all user input is escaped using...