Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:55 a.m.4 views

CVE-2024-28092

UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Ti...

7.2CVSS6.3AI score0.00534EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/19 12:0 a.m.30 views

CVE-2024-28092

UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Ti...

5.8AI score0.00534EPSS
Exploits0References1
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.252 views

Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Got to Page Generator - Keywords - Add Keyword and put the following payload in the "Terms" field then...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
OSV
OSV
added 2021/11/15 4:15 p.m.6 views

CVE-2021-41765

A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...

9.8CVSS6.2AI score0.67845EPSS
Exploits1References2
Rows per page
Query Builder