EUVD-2019-19926

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

CVE-2019-25592

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

CVE-2019-25592 PHPRunner 10.1 Denial of Service via Dashboard Name Field

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

CVE-2019-25592

PHPRunner 10.1 is affected by a local Denial of Service vulnerability: an attacker can crash the application by supplying an excessively long string (about 10,000 characters) in the dashboard Name field during creation. The issue is confirmed across multiple sources (NVD/CVE records). Impact is c...

CVE-2019-25592 PHPRunner 10.1 Denial of Service via Dashboard Name Field

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

CVE-2019-25592

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

PT-2026-26980

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

XLineSoft PHPRunner 安全漏洞

XLineSoft PHPRunner is a development tool developed by XLineSoft Corporation in the United States. It is used for quickly creating data-driven web applications based on PHP. Version XLineSoft PHPRunner 10.1 contains a security vulnerability. This vulnerability stems from a denial-of-service...

EUVD-2025-19851

Malicious code in bioql PyPI...

EUVD-2022-38494

Malicious code in bioql PyPI...

Endress+Hauser MEAC300-FNADE4 安全漏洞

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 is vulnerable to a cross-site scripting vulnerability due to improper validation of user input via dashboard name. An attacker could exploit the...

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap 15.0.0 and earlier versions, which stems from a lack of sufficient input validation of the Project Dashboard name field, making it vulnerable to a stored cross-site...

CVE-2022-35612

A cross-site scripting XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field...

MQTT 跨站脚本漏洞

MQTT Message Queuing Telemetry Transport is an ISO standard ISO/IEC PRF 20922 based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols, and is designed for remote devices with low hardware performance and poor network conditions. It works on th...

CVE-2022-35612

A cross-site scripting XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field...

CVE-2022-38172

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard...

ServiceNow San Diego Patch 跨站脚本漏洞

ServiceNow San Diego Patch is a series of patches from ServiceNow USA. A cross-site scripting vulnerability exists in ServiceNow San Diego Patch 3 and prior versions, which stems from allowing XSS via the name field when creating new dashboards for the Performance Analytics Dashboard...

CVE-2020-24983

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticate...

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts , auto-discovery of the network environment and automatic updates . A cross-site scripting vulnerability exists in several files in LibreNMS versions prior to 1.44. A remote attack...

Graylog cross-site scripting vulnerability (CNVD-2018-11028)

Graylog is an open source log storage system , it supports the system log syslog saved to MongoDB distributed document storage database. A cross-site scripting vulnerability exists in the dashboard name in versions of Graylog prior to 2.4.4. A remote attacker can exploit this vulnerability to...