28 matches found
CVE-2021-47827
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...
CVE-2021-47827
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...
CVE-2021-47827 WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...
CVE-2021-47827
CVE-2021-47827 affects WebSSH for iOS (14.16.10) via the mashREPL component. The vulnerability allows a denial-of-service by pasting a malformed input buffer (about 300 characters of repeated 'A') into mashREPL, which crashes the app. Public references indicate a PoC exists. CVSS data in the prov...
CVE-2021-47827 WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...
PT-2026-3283
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...
webssh security vulnerabilities
webssh is a web-based SSH client developed by Shengdun Hua. Version 14.16.10 of webssh contains a security vulnerability, which stems from a buffer overflow in the mashREPL tool. This vulnerability could lead to a denial-of-service attack...
EUVD-2025-22006
Malicious code in bioql PyPI...
CVE-2025-7885
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
WebSSH Cross-site Scripting vulnerability
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
GHSA-9CG4-9HV5-3376 WebSSH Cross-site Scripting vulnerability
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
CVE-2025-7885
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
PYSEC-2025-234
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
PYSEC-2025-234
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
CVE-2025-7885
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
Cross-site Scripting (XSS)
Overview webssh is a Web based ssh client Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Login Page when user-supplied input in the hostname or port parameters is not properly sanitised. An attacker can inject and execute arbitrary JavaScript code in the...
CVE-2025-7885 Huashengdun WebSSH Login Page cross site scripting
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
CVE-2025-7885
Huashengdun WebSSH (up to v1.6.2) contains a cross-site scripting flaw in the Login Page caused by manipulation of the hostname/port argument. The vulnerability can be exploited remotely, and the public exploit has been disclosed; the vendor has not responded. Remediation mentioned in PT-2025-301...
CVE-2025-7885 Huashengdun WebSSH Login Page cross site scripting
A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument hostname/port leads to cross site scripting. The attack may be launched...
webssh 代码注入漏洞
webssh is a web-based ssh client by the individual developer Shengdun Hua. A code injection vulnerability exists in WebSSH 1.6.2 and earlier versions, which originates from cross-site scripting due to incorrect manipulation of the hostname/port parameter by the Login Page component...