EUVD-2024-54768

Malicious code in bioql PyPI...

CVE-2024-36697

A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...

CVE-2024-36697

A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...

CVE-2024-36697

CVE-2024-36697 describes an XSS in Allworx System Software v9.1.9.12, affecting the Admin Login page via the SessionID parameter in query.asp. No exploitation details are provided in the connected documents. Remediation guidance from PT-2025-29092: apply a fix for Allworx System Software version ...

Allworx System Software 跨站脚本漏洞

Allworx System Software is a communication software platform from Allworx Corporation. A security vulnerability exists in Allworx System Software version v9.1.9.12, which stems from improper handling of the SessionID parameter in the Admin Login page, which could lead to a cross-site scripting...

PT-2025-29092 · Unknown · Allworx System

Name of the Vulnerable Software and Affected Versions: Allworx System Software version 9.1.9.12 Description: A cross-site scripting XSS issue exists in the Admin Login page. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the SessionID parameter at the...

CVE-2024-36697

A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...

CVE-2024-36697

A cross-site scripting XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...

Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities

Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities history.pushState'', '', '/' ::: default.asp ::: confirm0' / confirm1' / confirm2' / ::: action.asp ::: confirm3' / ::: query.asp ::: input type="hidden" name="query" value="RepQuerya xmlns:a='http://www.w3.org/1999/x...

Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting Vulnerability

Allworx Server Manager versions 6x, 6x12, and 48x suffer from multiple cross site scripting vulnerabilities. Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities history.pushState'', '', '/' ::: default.asp ::: input type="hidden" name="Tab" v...

Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting

Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities history.pushState'', '', '/' ::: default.asp ::: confirm0' / input type="hidden" name="SessionID" va...

Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities

Summary The Allworx phone system enables users to manage voicemails in the Allworx Message Center and customize the personal phone system configurations using My Allworx Manager. Description Allworx server manager interface suffers from multiple reflected XSS vulnerabilities when input passed via...