
330 matches found

BDU FSTEC
added 2025/04/01 12:0 a.m. | 3 views

The vulnerability of the WEBGUI component of the SAP NetWeaver Application Server ABAP software integration platform allows an attacker to perform XSS attacks.

The vulnerability of the WEBGUI component of the SAP NetWeaver Application Server ABAP software integration platform exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4 CVSS | 5.4 AI score | 0.00221 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-3864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a...

8.8 CVSS | 7.2 AI score | 0.0044 EPSS
Exploits: 0 | References: 1
CVE
added 2025/03/03 12:0 a.m. | 78 views

CVE-2024-55570

CVE-2024-55570 affects Cubro EXA48200 network packet broker UI: /api/user/users allows remote authenticated users to elevate privileges by sending a single HTTP PUT with rolename=Administrator (improper access control). Affected build: 20231025055018; fixed in V5.0R14.5P4-V3.3R1. CVSS 3.1 base sc...

5.4 CVSS | 6.4 AI score | 0.00281 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/17 12:25 a.m. | 9 views

CVE-2025-26793

The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

10 CVSS | 7.3 AI score | 0.02303 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/02/15 12:0 a.m. | 10 views

CVE-2025-26793

The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

10 CVSS | 0.02303 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/02/14 9:18 a.m. | 9 views

CVE-2020-18305

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges...

8 CVSS | 7.2 AI score | 0.00703 EPSS
Exploits: 1
RedhatCVE
added 2025/02/06 3:43 a.m. | 7 views

CVE-2021-26097

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...

8.8 CVSS | 7.3 AI score | 0.01165 EPSS
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2024/12/02 7:38 a.m. | 2 views

Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers

Overview: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain multiple vulnerabilities listed below. Command injection (CWE-77) - CVE-2024-11013; Cross-site request forgery (CWE-352) - CVE-2024-11014. RyotaK of Flatt Security Inc. reported these vulnerabilities to NEC Corporation and...

7.2 CVSS | 7.5 AI score | 0.01049 EPSS
Exploits: 0 | References: 6
Packet Storm
added 2024/09/01 12:0 a.m. | 156 views

SAP Web GUI Login Brute Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/01 12:0 a.m. | 157 views

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...

9.8 CVSS | 7.1 AI score | 0.05145 EPSS
Exploits: 3
NVD
added 2024/08/23 9:15 p.m. | 22 views

CVE-2024-37392

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...

6.1 CVSS | 0.00239 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/08/23 12:0 a.m. | 15 views

CVE-2024-37392

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...

5.5 AI score | 0.00239 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/08/23 12:0 a.m. | 40 views

CVE-2024-37392

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...

0.00239 EPSS
Exploits: 0 | References: 1
CVE
added 2024/08/23 12:0 a.m. | 65 views

CVE-2024-37392

CVE-2024-37392 describes a stored XSS in SMSEagle prior to version 6.0. The issue stems from improper sanitization of user input in SMS messages stored in the inbox, allowing injected JavaScript to execute when a message is viewed in the web-GUI. Impact is a client-side script execution risk with...

6.1 CVSS | 5.5 AI score | 0.00239 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2024/06/06 12:0 a.m. | 3 views

ChuanhuChatGPT Security Vulnerability

ChuanhuChatGPT is a light and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A security vulnerability exists in ChuanhuChatGPT, which stems from insufficient cleaning and validation of model output data, resulting in a stored cross-site scripting vulnerability...

6.8 CVSS | 6.1 AI score | 0.00458 EPSS
Exploits: 1 | References: 3
CNNVD
added 2024/06/06 12:0 a.m. | 3 views

ChuanhuChatGPT Access Control Error Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. ChuanhuChatGPT suffers from an access control error vulnerability that stems from an improper access control mechanism...

6.5 CVSS | 6.8 AI score | 0.00503 EPSS
Exploits: 1 | References: 3
NVD
added 2024/05/14 6:36 a.m. | 9 views

CVE-2020-18305

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges...

8 CVSS | 6.9 AI score | 0.00703 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/05/13 3:43 p.m. | 12 views

CVE-2020-18305

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges...

7.3 AI score | 0.00703 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/05/13 3:43 p.m. | 11 views

CVE-2020-18305

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges...

6.9 AI score | 0.00703 EPSS
Exploits: 1 | References: 1
CVE
added 2024/05/13 3:43 p.m. | 45 views

CVE-2020-18305

Extreme Networks EXOS is affected by a Web GUI URL access restriction flaw in versions prior to 22.7 and prior to 30.2. The root cause is that the Web GUI does not correctly restrict URL access, enabling access to sensitive information and potential privilege escalation. Affected products: Extrem...

8 CVSS | 7.2 AI score | 0.00703 EPSS
Exploits: 1 | References: 1 | Affected Software: 1