13 matches found
CVE-2026-50591
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
CVE-2025-11044
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service D...
Zoom Workplace < 6.5.10 Vulnerability (ZSB-25046)
The version of Zoom Workplace installed on the remote host is prior to 6.5.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25046 advisory. - Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity vi...
CVE-2025-57797
Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command...
CVE-2024-5284
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-10864 SQL Injection vulnerability has been discovered in OpenText™ Advanced Authentication.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5...
CVE-2024-5283
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admin...
CVE-2023-48554
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Devellion CubeCart Security Breach
Devellion CubeCart is free and open source e-commerce shopping cart software from the company Devellion UK. The software supports selling products, adding/editing products or images in an online store, etc. A security vulnerability exists in Devellion CubeCart versions prior to 6.5.3, which...
Fortinet FortiSIEM Trust Management Issue Vulnerability
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. A trust management issue vulnerability exists in Fortinet FortiSIEM versio...
CVE-2020-12350
Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access...
KinagaCMS Cross-Site Scripting Vulnerability
KinagaCMS is a PHP-based content management system (CMS). A cross-site scripting vulnerability exists in KinagaCMS versions prior to 6.5. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2017-9640
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...