Xiaomi Mi Router 3 Cross-Site Scripting Vulnerability

Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A cross-site scripting vulnerability exists in the API 404 page in Xiaomi Mi Router 3 version 2.22.15. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code via a modified URL path...

CVE-2018-13022

Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...

Cross site scripting

Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...

Cross site scripting

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...

CVE-2018-13312

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...

Cross site scripting

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...

CVE-2018-13308

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...

CVE-2018-13309

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...

Cross site scripting

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...

CVE-2018-13312

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...

CVE-2018-13310

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...

CVE-2018-13309

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...

Cross-Site Scripting (XSS)

Dojo Toolkit is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of a user...

Cross-Site Scripting (XSS)

flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser by via the callback parameter using URL encoding. This vulnerability exists due to an incomplete fix for CVE-2013-7342...

Cross-site Scripting (XSS)

graylog-web-interface is vulnerable to a cross-site scripting XSS attack. The library does not properly escape the text in the Dashboard, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-Site Scripting (XSS)

DotNetNuke.Web is vulnerable to cross-site scripting. The Telerik HTML editor allows remote attackers to inject arbitrary Javascript into a victim's browser to steal session cookies and perform unwanted actions on behalf of the user...

Cross-Site Scripting (XSS)

DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via a crafted URL containing text that is used within a modal popup...

Cross site scripting

A stored xss in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary javascript...

CVE-2018-16474

A stored xss in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary javascript...

CVE-2018-16474

A stored xss in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary javascript...