1055 matches found
CVE-2025-66258
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
CVE-2025-66258 Stored Cross-Site Scripting via XML Injection
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
PT-2025-48112
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
CVE-2018-25126
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
CVE-2025-12921
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...
EUVD-2025-38721
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...
CVE-2025-12921
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...
CVE-2025-12921
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...
CVE-2025-12921 OpenClinica Community Edition CRF Data Import ImportCRFData xml injection
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...
CVE-2025-12921 OpenClinica Community Edition CRF Data Import ImportCRFData xml injection
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xmlfile leads to xml injection. It is possible to...
CVE-2025-12921
OpenClinica Community Edition vulnerable to XML injection in CRF Data Import, via /ImportCRFData?action=confirm with manipulated xml_file. Affected versions: up to 3.12.2/3.13. Attacker could exploit remotely; exploit has been disclosed publicly. Remediation is to upgrade to a newer release (vers...
PT-2025-45583
Name of the Vulnerable Software and Affected Versions OpenClinica Community Edition versions up to 3.12.2/3.13 Description A flaw exists in OpenClinica Community Edition that allows for XML injection. This issue is related to the processing of the xml file argument within the...
PT-2025-45352
Name of the Vulnerable Software and Affected Versions MetInfo Content Management System CMS versions through 8.1 Description A Server-Side Request Forgery SSRF issue, achievable through an XML External Entity XXE injection, exists. The flaw is due to a defect in the XML parsing logic, allowing an...
VulnCheck KEV: CVE-2025-54251
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access...
CVE-2025-7473
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...
ZOHO ManageEngine Endpoint Central XML Injection Vulnerability
ZOHO ManageEngine Endpoint Central is a desktop management system from ZOHO. An XML injection vulnerability exists in ZOHO ManageEngine Endpoint Central, and no details of the vulnerability are available at this time...
CVE-2025-7473
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...
CVE-2025-7473
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...
CVE-2025-7473 XML Injection
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...
CVE-2025-7473 XML Injection
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection...