1747 matches found
PT-2026-21529
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not set the X-Frame-Options header, which allows an attacker to embed administrative pages in an iframe. This can tri...
📄 Telesquare TLR-2005KSH Remote Command Execution
Telesquare TLR-2005KSH proof of concept remote command execution exploit. ============================================================================================================================================= | Title : Telesquare TLR-2005KSH - Remote Command Execution vulnerability | |...
CVE-2025-62326
HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...
CVE-2026-27505
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
CVE-2026-27506
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2025-62326
HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...
CVE-2025-62326 HCL Digital Experience is susceptible to stored cross-site scripting (XSS)
HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...
CVE-2025-62326
HCL Digital Experience is susceptible to stored XSS in the administrative UI that requires elevated privileges to exploit. Affected component: the admin interface of HCL Digital Experience. The vulnerability is stored XSS with the attacker needing high privileges and user interaction is required ...
CVE-2026-27505
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
CVE-2026-27506
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2026-27506
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2026-27506
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2026-27506
SVXportal before or equal to version 2.5 contains a stored XSS in the profile update flow (user_settings.php -> admin/update_user.php). Authenticated users can inject HTML/JavaScript into profile fields (Firstname, lastname, email, image_url) that are rendered uncoded in the admin interface (a...
CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...
CVE-2026-27505 SVXportal <= 2.5 admin/user_action.php Stored XSS
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
CVE-2026-27505
SVXportal admin/user_action.php). User-supplied fields (Firstname, lastname, email) are stored without proper output encoding and later rendered in the admin interface (admin/users.php), enabling an unauthenticated remote attacker to inject JavaScript that executes in an administrator’s browser ...
CVE-2026-27505 SVXportal <= 2.5 admin/user_action.php Stored XSS
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
CVE-2026-27505
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...
PT-2026-21289
HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...