
5078 matches found

Prion
added 2021/07/21 3:15 p.m., 15 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Stored Cross-site Scripting' vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all...

CVSS 3.5, AI score 5.7, EPSS 0.00472
Exploits 0, References 1, Affected Software 6
Cvelist
added 2021/07/21 10:43 a.m., 18 views

CVE-2021-22722

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Stored Cross-site Scripting' vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all...

AI score 6, EPSS 0.00472
Exploits 0, References 1
CVE
added 2021/07/21 10:43 a.m., 60 views

CVE-2021-22722

The CVE-2021-22722 issue affects Schneider Electric EVlink products: EVlink City (EVC1S22P4/EVC1S7P4), EVlink Parking (EVW2/EVF2/EV.2), and EVlink Smart Wallbox (EVB1A) prior to R8 V3.4.0.1, due to CWE-79 Stored XSS from improper input neutralization when importing CSV files or changing station p...

CVSS 5.4, AI score 5.6, EPSS 0.00472
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/07/21 10:40 a.m., 30 views

CVE-2021-22771

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...

AI score 7.6, EPSS 0.01145
Exploits 0, References 1
CNNVD
added 2021/07/21 12:00 a.m., 5 views

Cross-site scripting vulnerability in multiple Schneider Electric products

Schneider Electric EVlink City and others are a charging solution for electric vehicle charging stations from Schneider Electric France. EVlink City, EVlink Parking, and EVlink Smart Wallbox have a cross-site scripting vulnerability that stems from the potential to cause code...

CVSS 5.4, AI score 5.4, EPSS 0.00472
Exploits 0, References 2
Typo3
added 2021/07/20 12:00 a.m., 21 views

CSV Code Injection

CSV code injection is an attack scenario, where untrusted user input is written to a CSV file and leads to the execution of code formulas when the file is consumed by an external application e.g. Microsoft Excel or Google Sheets. As a result, this may lead to Data Exfiltration or Remote Code...

AI score 8
Exploits 0
CNVD
added 2021/07/15 12:00 a.m., 12 views

Booking Core has an unspecified vulnerability

Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...

CVSS 7.8, AI score 1.3, EPSS 0.00898
Exploits 0, References 1
NVD
added 2021/07/14 3:15 p.m., 10 views

CVE-2020-25445

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

CVSS 7.8, EPSS 0.00898
Exploits 0, References 1
Prion
added 2021/07/14 3:15 p.m., 11 views

Input validation

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

CVSS 6.8, AI score 7.7, EPSS 0.00898
Exploits 0, References 1, Affected Software 1
CVE
added 2021/07/14 2:40 p.m., 49 views

CVE-2020-25445

The CVE-2020-25445 entry concerns Booking Core 1.7.0 (Ultimate Booking System) where the Subscribe feature does not sanitize CSV cells, allowing CSV formula injection when a backend admin downloads and opens the generated CSV. The underlying issue is improper input handling in the subscription/ex...

CVSS 7.8, AI score 7.7, EPSS 0.00898
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/07/14 2:40 p.m., 27 views

CVE-2020-25445

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

AI score 7.8, EPSS 0.00898
Exploits 0, References 1
CNVD
added 2021/07/14 12:00 a.m., 7 views

WordPress plugin code injection vulnerability (CNVD-2021-52421)

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. A code injection vulnerability exists in the WordPress...

CVSS 8, AI score 6.9, EPSS 0.01308
Exploits 2, References 1
Microsoft KB
added 2021/07/13 7:00 a.m., 58 views

July 13, 2021—KB5004302 (Security-only update)

July 13, 2021—KB5004302 Security-only update Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows Server 2012 has reached the end of...

CVSS 9.8, AI score 8, EPSS 0.13794
Exploits 0
NVD
added 2021/07/12 8:15 p.m., 22 views

CVE-2021-24441

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue...

CVSS 8, EPSS 0.01308
Exploits 2, References 1
OSV
added 2021/07/12 8:15 p.m., 3 views

CVE-2021-24441

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue...

CVSS 8, AI score 5.8, EPSS 0.01308
Exploits 2, References 1
Prion
added 2021/07/12 8:15 p.m., 13 views

Design/Logic Flaw

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue...

CVSS 6, AI score 7.9, EPSS 0.01308
Exploits 2, References 1, Affected Software 1
CVE
added 2021/07/12 7:21 p.m., 54 views

CVE-2021-24441

CVE-2021-24441 affects the WordPress Sign-up Sheets plugin (versions prior to 1.0.14). The issue is CSV injection arising when exporting CSVs: the plugin does not sanitise or validate the Sheet title during CSV generation, allowing potentially unsafe input to be interpreted as a formula. Public s...

CVSS 8, AI score 7.9, EPSS 0.01308
Exploits 2, References 1, Affected Software 1
Cvelist
added 2021/07/12 7:21 p.m., 19 views

CVE-2021-24441 Sign-up Sheets < 1.0.14 - Authenticated CSV Injection

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue...

AI score 8.2, EPSS 0.01308
Exploits 2, References 1
Kitploit
added 2021/07/10 9:30 p.m., 457 views

Nexfil - OSINT Tool For Finding Profiles By Username

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds. The goal behind this tool was to get results quickly while maintaining low amounts of false positives. If you like my work please star this proje...

AI score 7.3
Exploits 0, References 2
Kitploit
added 2021/07/09 12:30 p.m., 192 views

WFH - Windows Feature Hunter

Windows Feature Hunter WFH is a proof of concept python script that uses Frida, a dynamic instrumentation toolkit, to assist in potentially identifying common “vulnerabilities” or “features” within Windows executables. WFH currently has the capability to automatically identify potential Dynamic...

AI score 7.5
Exploits 0, References 1