Lucene search
+L

1055 matches found

NVD
NVD
added 2025/11/26 1:16 a.m.7 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS0.00167EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/26 12:45 a.m.5 views

CVE-2025-66258 Stored Cross-Site Scripting via XML Injection

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS5.4AI score0.00167EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.9 views

PT-2025-48112

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS5.8AI score0.00167EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/25 8:56 p.m.12 views

CVE-2018-25126

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...

9.3CVSS7.8AI score0.03777EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/11 12:11 a.m.18 views

CVE-2025-12921

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...

8.8CVSS6.7AI score0.00517EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/10 12:30 a.m.5 views

EUVD-2025-38721

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...

5.3CVSS6.3AI score0.00517EPSS
Exploits1References6
OSV
OSV
added 2025/11/10 12:15 a.m.6 views

CVE-2025-12921

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...

8.8CVSS5.5AI score0.00517EPSS
Exploits1References5
NVD
NVD
added 2025/11/10 12:15 a.m.6 views

CVE-2025-12921

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...

8.8CVSS0.00517EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/11/09 11:32 p.m.19 views

CVE-2025-12921 OpenClinica Community Edition CRF Data Import ImportCRFData xml injection

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...

5.3CVSS0.00517EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/09 11:32 p.m.6 views

CVE-2025-12921 OpenClinica Community Edition CRF Data Import ImportCRFData xml injection

A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...

5.3CVSS6.5AI score0.00517EPSS
Exploits1References5
CVE
CVE
added 2025/11/09 11:32 p.m.21 views

CVE-2025-12921

OpenClinica Community Edition vulnerable to XML injection in CRF Data Import, via /ImportCRFData?action=confirm with manipulated xml_file. Affected versions: up to 3.12.2/3.13. Attacker could exploit remotely; exploit has been disclosed publicly. Remediation is to upgrade to a newer release (vers...

8.8CVSS6.5AI score0.00517EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/09 12:0 a.m.9 views

PT-2025-45583

Name of the Vulnerable Software and Affected Versions OpenClinica Community Edition versions up to 3.12.2/3.13 Description A flaw exists in OpenClinica Community Edition that allows for XML injection. This issue is related to the processing of the xml file argument within the...

5.3CVSS6.4AI score0.00517EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.18 views

PT-2025-45352

Name of the Vulnerable Software and Affected Versions MetInfo Content Management System CMS versions through 8.1 Description A Server-Side Request Forgery SSRF issue, achievable through an XML External Entity XXE injection, exists. The flaw is due to a defect in the XML parsing logic, allowing an...

7.5CVSS5.8AI score0.0046EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2025/10/28 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-54251

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access...

4.3CVSS5.8AI score0.01609EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2025/10/22 11:12 a.m.14 views

CVE-2025-7473

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...

5.3CVSS7AI score0.00317EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/22 12:0 a.m.6 views

ZOHO ManageEngine Endpoint Central XML Injection Vulnerability

ZOHO ManageEngine Endpoint Central is a desktop management system from ZOHO. An XML injection vulnerability exists in ZOHO ManageEngine Endpoint Central, and no details of the vulnerability are available at this time...

5.3CVSS7.4AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 11:15 a.m.6 views

CVE-2025-7473

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...

5.3CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/10/21 11:15 a.m.8 views

CVE-2025-7473

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...

5.3CVSS0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/21 10:58 a.m.13 views

CVE-2025-7473 XML Injection

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...

5.2CVSS0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/21 10:58 a.m.6 views

CVE-2025-7473 XML Injection

Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...

5.2CVSS6.6AI score0.00317EPSS
Exploits0References1
Rows per page
Query Builder