
475 matches found

Positive Technologies
added 2025/07/02 12:0 a.m. · 2 views

PT-2025-27615

Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3 Description: The issue allows remote authenticated users to download all OS files via HTTP requests due to a path traversal vulnerability in the WebGUI HTTP endpoint. This is caused by a lack or insufficient...

CVSS 7.8 · AI score 5.6 · EPSS 0.00216
Exploits: 0 · References: 8

Positive Technologies
added 2025/07/02 12:0 a.m. · 0 views

PT-2025-27624

Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3 Description: A missing double-check feature in the WebGUI for CLI deactivation allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI...

CVSS 6.8 · AI score 5.4 · EPSS 0.00269
Exploits: 0 · References: 6

Veracode
added 2025/06/30 12:49 p.m. · 4 views

Directory Traversal

billz/raspap-webgui is vulnerable to Directory Traversal. The vulnerability is due to improper input validation due to the entity parameter in ajax/networking/getwgkey.php allowing crafted POST requests that leverage the tee command to overwrite arbitrary files writable by the web server...

CVSS 6.3 · AI score 6.4 · EPSS 0.00149
Exploits: 1 · References: 5 · Affected Software: 1

RedhatCVE
added 2025/06/26 5:19 a.m. · 5 views

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

CVSS 5.4 · AI score 6.4 · EPSS 0.00138
Exploits: 0 · References: 1

NVD
added 2025/06/24 5:15 a.m. · 3 views

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

CVSS 5.4 · EPSS 0.00138
Exploits: 0 · References: 2

CVE
added 2025/06/24 4:37 a.m. · 13 views

CVE-2025-43877

CVE-2025-43877 affects Elecom WRC-1167GHBK2-S: stored cross-site scripting in WebGUI enabling script execution in a user’s browser upon WebGUI access. Affected product scope includes all versions of WRC-1167GHBK2-S (per JVN/Red Hat entries); no explicit firmware version fix is provided in the con...

CVSS 5.4 · AI score 6.2 · EPSS 0.00138
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/24 4:37 a.m. · 3 views

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

CVSS 5.4 · AI score 6.3 · EPSS 0.00138
Exploits: 0 · References: 2

Cvelist
added 2025/06/24 4:37 a.m. · 7 views

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

CVSS 5.4 · EPSS 0.00138
Exploits: 0 · References: 2

Positive Technologies
added 2025/06/24 12:0 a.m. · 4 views

PT-2025-26694 · Unknown · Wrc-1167Ghbk2-S

Name of the Vulnerable Software and Affected Versions: WRC-1167GHBK2-S affected versions not specified Description: The issue is a stored cross-site scripting vulnerability in the WebGUI of the product. If exploited, an arbitrary script may be executed on the web browser of the user who accessed...

CVSS 5.4 · AI score 5.5 · EPSS 0.00138
Exploits: 0 · References: 5

IBM Security Bulletins
added 2025/06/12 1:54 a.m. · 8 views

Security Bulletin: Vulnerability in Babel runtime library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-27789)

Summary: Babel is a compiler used to generate JavaScript code for Tivoli Netcool/OMNIbus WebGUI Event Viewer, Netcool Operations Insight (NOI) Event Analytics Configuration and Scope Based Grouping client components. Vulnerability Details: CVEID: CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

CVSS 6.2 · AI score 9.5 · EPSS 0.0006
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2025/05/22 10:45 p.m. · 3 views

CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...

CVSS 6.1 · AI score 6.1 · EPSS 0.09435
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:4 p.m. · 5 views

CVE-2020-19203

An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wakeonlanwidget.php, a component of the pfSense software WebGUI, on version 2.4.4-p2 and earlier. The widget did not encode the descr (description) parameter of wake-on-LAN entries in its output, leading to a...

CVSS 5.4 · AI score 5.5 · EPSS 0.012
Exploits: 0

RedhatCVE
added 2025/05/22 4:20 p.m. · 5 views

CVE-2020-14563

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications component: WebGUI. Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1 · AI score 6.3 · EPSS 0.00829
Exploits: 0

RedhatCVE
added 2025/05/22 4:9 p.m. · 6 views

CVE-2020-11457

pfSense before 2.4.5 has stored XSS in systemusermanageraddprivs.php in the WebGUI via the descr parameter aka full name of a user...

CVSS 5.4 · AI score 5.8 · EPSS 0.05947
Exploits: 3 · References: 1

RedhatCVE
added 2025/05/22 4:7 p.m. · 5 views

CVE-2020-19201

A Stored Cross-Site Scripting (XSS) vulnerability was found in statusfilterreload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description)...

CVSS 5.4 · AI score 4.9 · EPSS 0.00795
Exploits: 1

RedhatCVE
added 2025/05/22 6:36 a.m. · 4 views

CVE-2015-1564

Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field...

CVSS 4.3 · AI score 5.9 · EPSS 0.00318
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 8:27 p.m. · 6 views

CVE-2008-0940

Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407...

CVSS 6.8 · AI score 5.8 · EPSS 0.01631
Exploits: 0 · References: 1

IBM Security Bulletins
added 2025/04/29 2:8 a.m. · 17 views

Security Bulletin: A security vulnerability has been identified in IBM Jazz for Service Management shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4939)

Summary: IBM Jazz for Service Management (JazzSM) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting JazzSM has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes...

AI score 5.6
Exploits: 0 · Affected Software: 1

CVE
added 2025/03/31 12:0 a.m. · 71 views

CVE-2025-29266

CVE-2025-29266 affects Unraid OS 7.0.0 prior to 7.0.1. The issue allows remote users to access the Unraid WebGUI and web console as root without authentication when a container runs in Host networking mode with Use Tailscale enabled, enabling total compromise of the web interface. The root cause ...

CVSS 9.6 · AI score 7.3 · EPSS 0.0109
Exploits: 0 · References: 3

Cvelist
added 2025/03/31 12:0 a.m. · 9 views

CVE-2025-29266

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled...

CVSS 9.6 · EPSS 0.0109
Exploits: 0 · References: 3