12 matches found
Open eClass 跨站脚本漏洞
Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripts, which could allow remote attackers to execute arbitrary...
Nagios Fusion 安全漏洞
Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions prior to 4.2.0, which stems from a failure to clear user input when adding or configuring Email Settings, and could lead to a stored...
CVE-2025-62058
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...
CVE-2025-34281 Stored Cross-Site Scripting (XSS) in ThingsBoard
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...
PT-2025-14792
Name of the Vulnerable Software and Affected Versions API Platform Core versions prior to 4.0.22 Description The issue allows bypassing configured security on an operation using the Relay special node type in hypermedia-driven REST and GraphQL APIs. Recommendations For versions prior to 4.0.22,...
CVE-2025-0877 XSS in AtaksAPP's Reservation Management System
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting XSS. This issue affects Reservation Management System: before 4.2.3...
CVE-2020-12507
In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS...
PT-2022-8327 · Unknown · S::Can Moni::Tools
Name of the Vulnerable Software and Affected Versions: s::can moni::tools versions prior to 4.2 Description: The issue allows an unauthenticated attacker to obtain any file from the device through path traversal in the camera-file module. Recommendations: For versions prior to 4.2, update to...
DEBIAN-CVE-2014-6262
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...
SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability (CNVD-2019-34406)
SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...
Pexip Infinity Remote Code Execution Vulnerability
Pexip Infinity is a virtual videoconferencing cloud collaboration platform from Pexip Norway. The platform works with standard protocol H.323, SIP based videoconferencing endpoints and videoconferencing infrastructures and is characterized by WAN bandwidth savings. A security vulnerability exists...
CVE-2016-1194
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service...