CVE-2026-7579

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2026-7579

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

PT-2026-29873

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

Appsmith 代码问题漏洞

Appsmith is an open-source platform developed by Appsmith for building, deploying, and maintaining internal applications. Versions of Appsmith 1.97 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations in the computeDisallowedHosts function of the...

EUVD-2023-34662

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-41563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO...

Samarium 安全漏洞

Samarium is an open source business management system by oitcode individual developers. A security vulnerability exists in Samarium 0.9.6 and earlier versions, which stems from the vulnerability of file/dashboard/team to cross-site scripting attacks...

CVE-2021-32090

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

CVE-2019-15479

Status Board 1.1.81 has reflected XSS via dashboard.ts...

Duplicate Advisory: Umbraco CMS Cross-site Scripting vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-69cg-w8vm-h229. This link is maintained to preserve external references. Original Description A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown functi...

PT-2024-5320 · Ibm · Ibm App Connect Enterprise

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.25 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.0 Description: The issue exists due to inadequate protection of the web page structure in the Dashboard component of I...

PT-2024-5319 · Ibm · Ibm App Connect Enterprise

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.25 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.0 Description: The issue is related to the improper restrictions of resource allocation in the Dashboard component of...

CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

esphome vulnerable to stored Cross-site Scripting in edit configuration file API

Summary Edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized data with “Content-Type: text/html; charset=UTF-8”, allowing remote authenticated user to inject arbitrary web script and exfiltrate sessi...

GHSA-9P43-HJ5J-96H5 esphome vulnerable to stored Cross-site Scripting in edit configuration file API

Summary Edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized data with “Content-Type: text/html; charset=UTF-8”, allowing remote authenticated user to inject arbitrary web script and exfiltrate sessi...

CVE-2024-27081 ESPHome remote code execution via arbitrary file write

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

CVE-2024-27081 ESPHome remote code execution via arbitrary file write

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

CVE-2023-6364

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting XSS vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker...

PT-2023-32627 · Ipswitch · Whatsup Gold

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1 Description: A stored cross-site scripting XSS issue has been identified, allowing an attacker to craft a XSS payload and store it within a dashboard component. If a user interacts with the crafted payloa...