12 matches found
Savsoft Quiz Cross-Site Scripting Vulnerability
Savsoft Quiz is a management platform for creating online exams and tests, developed by Savsoft’s individual developers using PHP. Version 5.0 of Savsoft Quiz has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue present on the user accoun...
CVE-2024-11982
Certain models of routers from Billion Electric have a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords...
CVE-2024-11982 Billion Electric router - Plaintext Storage of a Password
Certain models of routers from Billion Electric have a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords...
CVE-2024-11982 Billion Electric router - Plaintext Storage of a Password
Certain models of routers from Billion Electric have a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords...
CVE-2024-6935 formtools.org Form Tools User Settings Page cross site scripting
A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...
CVE-2024-6935
Form Tools 3.1.1 is affected by a cross-site scripting vulnerability in the User Settings Page, specifically the /admin/clients/ file. The issue is triggered remotely and has publicly disclosed exploit details. Affected component/URL: /admin/clients/ within Form Tools 3.1.1. Root cause and exact ...
PT-2024-37973 · Unknown · Form Tools
Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A problematic issue was found in the User Settings Page component, specifically affecting the /admin/clients/ file. This issue leads to cross-site scripting and can be initiated remotely. The exploit has...
CVE-2024-37765
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
Cross site scripting
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
PT-2022-23284 · Airspan · Airspan Airspot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: The issue concerns a stored XSS vulnerability. It occurs because the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, allowing a malicious acto...