Lucene search

27 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-1555

Malicious code in bioql PyPI...

CVSS 5.1 · AI score 4 · EPSS 0.00109
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 11:34 a.m. · 4 views

CVE-2025-0220

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVSS 5.1 · AI score 6 · EPSS 0.00109
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:22 a.m. · 6 views

CVE-2014-5382

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 937 allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors...

CVSS 4.3 · AI score 6.1 · EPSS 0.00225
Exploits: 1 · References: 1

NVD
added 2025/01/05 1:15 p.m. · 9 views

CVE-2025-0220

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVSS 5.1 · EPSS 0.00109
Exploits: 0 · References: 4

CVE
added 2025/01/05 12:31 p.m. · 45 views

CVE-2025-0220

CVE-2025-0220 affects Trimble SPS851 v488.01 in the Ethernet Configuration Menu. The Hostname parameter manipulation triggers reflected cross-site scripting; remote exploitation is possible and the exploit has been disclosed publicly. Vendor response is noted as absent. Mitigation notes from PT-2...

CVSS 5.1 · AI score 3.3 · EPSS 0.00109
Exploits: 0 · References: 4

Vulnrichment
added 2025/01/05 12:31 p.m. · 5 views

CVE-2025-0220 Trimble SPS851 Ethernet Configuration Menu cross site scripting

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVSS 5.1 · AI score 6 · EPSS 0.00109
Exploits: 0 · References: 4

Cvelist
added 2025/01/05 12:31 p.m. · 18 views

CVE-2025-0220 Trimble SPS851 Ethernet Configuration Menu cross site scripting

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVSS 5.1 · EPSS 0.00109
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/05 12:0 a.m. · 1 views

PT-2025-3790 · Trimble · Trimble Sps851

Name of the Vulnerable Software and Affected Versions: Trimble SPS851 version 488.01 Description: A problematic issue was found in the Ethernet Configuration Menu component of the affected software. The manipulation of the Hostname argument leads to cross-site scripting. It is possible to initiat...

CVSS 5.1 · AI score 6.5 · EPSS 0.00109
Exploits: 0 · References: 9

NVD
added 2024/12/12 1:15 p.m. · 13 views

CVE-2024-36498

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

CVSS 4.7 · EPSS 0.0011
Exploits: 0 · References: 3

CVE
added 2024/12/12 12:46 p.m. · 43 views

CVE-2024-36498

Image Access Scan2Net (Image Access Germany) is affected by a stored XSS vulnerability in the configuration menu’s Edit Disclaimer Text function due to missing input sanitization. The stored JavaScript payload executes in users’ browsers (including kiosk mode) when the ScanWizard loads. A fix was...

CVSS 4.7 · AI score 6.3 · EPSS 0.0011
Exploits: 0 · References: 3

Vulnrichment
added 2024/12/12 12:38 p.m. · 6 views

CVE-2024-47947 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

AI score 6.7 · EPSS 0.00213
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/12 12:0 a.m. · 2 views

PT-2024-32909 · Unknown · Scanwizard

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to missing input sanitization, allowing an attacker to perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit...

CVSS 4.7 · AI score 6.3 · EPSS 0.00213
Exploits: 0 · References: 6

NVD
added 2024/11/08 5:15 a.m. · 15 views

CVE-2020-8007

The pwrstudio web application of EV Charger in the server in Circontrol Raption through 5.6.2 is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip...

CVSS 9.8 · EPSS 0.00996
Exploits: 1 · References: 3

Cvelist
added 2024/11/08 12:0 a.m. · 12 views

CVE-2020-8007

The pwrstudio web application of EV Charger in the server in Circontrol Raption through 5.6.2 is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip...

EPSS 0.00996
Exploits: 1 · References: 2

CVE
added 2024/11/08 12:0 a.m. · 42 views

CVE-2020-8007

CVE-2020-8007 affects Circontrol Raption’s server-side pwrstudio web app (EV Charger) in versions through 5.6.2. The vulnerability is an OS command injection in the configuration fields ntpserver0, ntpserver1, and pingip, as reported across multiple sources. Impact is described as co...

CVSS 9.8 · AI score 7.5 · EPSS 0.00996
Exploits: 1 · References: 3

Vulnrichment
added 2024/11/08 12:0 a.m. · 10 views

CVE-2020-8007

The pwrstudio web application of EV Charger in the server in Circontrol Raption through 5.6.2 is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip...

AI score 7.5 · EPSS 0.00996
Exploits: 1 · References: 2

OSV
added 2024/10/02 7:15 p.m. · 0 views

CVE-2024-24116

An issue in Ruijie RG-NBS2009G-P RGOS v.10.41P2 Release9736 allows a remote attacker to gain privileges via the system/configmenu.htm...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2

NVD
added 2021/08/26 6:15 p.m. · 8 views

CVE-2020-18469

Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...

CVSS 5.4 · EPSS 0.00114
Exploits: 1 · References: 2

Prion
added 2021/08/26 6:15 p.m. · 10 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...

CVSS 3.5 · AI score 5.1 · EPSS 0.00114
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2017/10/20 11:29 a.m. · 9 views

Authentication flaw

Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors...

CVSS 5 · AI score 5.8 · EPSS 0.00209
Exploits: 0 · References: 2 · Affected Software: 1