
49 matches found

RedhatCVE
added 2026/01/09 12:41 p.m. · 5 views

CVE-2023-25314

Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4 allows attackers to gain sensitive information via the success parameter to /user...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00234
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 10:17 a.m. · 3 views

CVE-2019-18449

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions issue 2 of 2...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00071
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 10:17 a.m. · 3 views

CVE-2019-18463

An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions issue 4 of 4...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00071
Exploits: 0 · References: 1

EUVD
added 2025/12/05 12:31 a.m. · 1 views

EUVD-2025-201303

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

CVSS: 4.8 · AI score: 5.7 · EPSS: 0.00023
Exploits: 0 · References: 2

Vulnrichment
added 2025/12/04 9:45 p.m. · 2 views

CVE-2025-13936 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

CVSS: 4.8 · AI score: 5.8 · EPSS: 0.00023
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-8212

Malware in sbrugna...

CVSS: 4.3 · AI score: 4.6 · EPSS: 0.00071
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-0761

Malicious code in bioql PyPI...

CVSS: 9.8 · AI score: 9.2 · EPSS: 0.09428
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-1654

Malicious code in bioql PyPI...

CVSS: 8 · AI score: 6.3 · EPSS: 0.04161
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-1663

Malicious code in bioql PyPI...

CVSS: 8.1 · AI score: 6.3 · EPSS: 0.04614
Exploits: 1 · References: 10

RedhatCVE
added 2025/05/23 3:48 a.m. · 6 views

CVE-2023-32073

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to...

CVSS: 8.8 · AI score: 7.4 · EPSS: 0.32233
Exploits: 4 · References: 1

RedhatCVE
added 2025/05/23 3:44 a.m. · 5 views

CVE-2023-30854

AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.32233
Exploits: 3 · References: 1

RedhatCVE
added 2025/05/22 7:28 a.m. · 6 views

CVE-2019-19313

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00255
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:48 a.m. · 2 views

CVE-2024-33566

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4...

CVSS: 10 · AI score: 5.2 · EPSS: 0.01205
Exploits: 0 · References: 1

Tenable Nessus
added 2024/05/17 12:0 a.m. · 15 views

GitLab 12.4 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26407)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a...

CVSS: 5.5 · AI score: 5.4 · EPSS: 0.0015
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/13 12:0 a.m. · 1 views

PT-2024-26240 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 12.4
Description: The issue is related to Cross Site Scripting (XSS) due to the lack of sanitization of the HTTP USER AGENT variable. In the view/about.php file, the website retrieves the user agent from the headers through ...

CVSS: 6.1 · AI score: 5 · EPSS: 0.00107
Exploits: 1 · References: 9

Prion
added 2023/06/06 7:15 p.m. · 10 views

Cross site scripting

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

CVSS: 4.9 · AI score: 5.6 · EPSS: 0.04614
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2023/05/12 1:34 p.m. · 8 views

CVE-2023-32073 AVideo command injection vulnerability

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to...

CVSS: 8.8 · AI score: 9.1 · EPSS: 0.18471
Exploits: 2 · References: 2

Vulnrichment
added 2023/05/08 6:4 p.m. · 9 views

CVE-2023-30860 WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account

WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...

CVSS: 8 · AI score: 6.3 · EPSS: 0.04161
Exploits: 1 · References: 2

NVD
added 2023/04/28 4:15 p.m. · 11 views

CVE-2023-30854

AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.32233
Exploits: 3 · References: 1

Prion
added 2023/04/28 4:15 p.m. · 12 views

Command injection

AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint /plugin/CloneSite/cloneClient.json.php allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4...

CVSS: 6.5 · AI score: 8.7 · EPSS: 0.32233
Exploits: 3 · References: 1 · Affected Software: 1