15 matches found
XXL-JOB v2.2.0 — Stored Cross Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file. id: CVE-2020-23814 info: name: XXL-JOB v2.2.0 — Stored Cross Site Scripting author:...
CVE-2026-27130 Dokploy has Command Injection in its Service Operations
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-27130 Dokploy has Command Injection in its Service Operations
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
PT-2026-41737
Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.7 Description: OS command injection occurs due to inadequate input sanitization, lack of schema validation, and direct shell interpolation. User-controlled application names are processed by the cleanAppName...
PT-2026-25734
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036 Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036 Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
EUVD-2021-25003
Malware in sbrugna...
VulnCheck KEV: CVE-2020-23814
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file...
Design/Logic Flaw
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx...
Ivanti Service Manager cross-site scripting vulnerability
Ivanti Service Manager is a service manager from Ivanti USA, Inc. that helps organizations meet today's regulatory and technical demands for service delivery automation workflows. A cross-site scripting vulnerability exists in Ivanti Service Manager 2021.1 that allows reflection of cross-site...
xxl-job cross-site scripting vulnerability
xxl-job is a distributed task scheduling platform with core design goals of rapid development, simple learning, lightweight, and easy scalability. xxl-job 2.2.0 suffers from a cross-site scripting vulnerability that can be exploited to inject arbitrary Web script or HTML via the AppName and...
PT-2020-15584
Name of the Vulnerable Software and Affected Versions: xxl-job version 2.2.0 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the AppName and AddressList parameters in the...
Update protection against LEADTOOLS Raster Twain LtocxTwainu.dll Buffer Overflow
A buffer overflow vulnerability exists in LEADTOOLS Raster Twain ActiveX control. LEADTOOLS Imaging SDK provides tools for adding advanced imaging features to various applications. The vulnerability is due to a boundary error while parsing the "AppName" parameter of the affected ActiveX control...