1177 matches found
CVE-2020-7947
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...
CVE-2020-7571
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation Cross-site Scripting Reflected vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...
CVE-2019-0093
Insufficient data sanitization vulnerability in HECI subsystem for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR SPS before version SPSE305.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access...
In Search of Lost Data: a Study of Flash Sanitization Practices
To avoid the disclosure of personal or corporate data, sanitization of storage devices is an important issue when such devices are to be reused. While poor sanitization practices have been reported for second-hand hard disk drives, it has been reported that data has been found on original storage...
A False Sense of Privacy: Evaluating Textual Data Sanitization beyond Surface-Level Privacy Leakage
Whitepaper called A False Sense Of Privacy: Evaluating Textual Data Sanitization Beyond Surface-Level Privacy Leakage...
BIT-MOODLE-2024-43437 Moodle: xss risk when restoring malicious course backup file
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting XSS risk from malicious backup files...
The vulnerability of the web interface of the microprogramming software for routers EDIMAX BR-6478AC allows a hacker to elevate their privileges and execute arbitrary commands.
The vulnerability of the web interface of the microprogrammed software router EDIMAX BR-6478AC is related to the lack of measures taken for data cleaning at the management level. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands...
The vulnerability of the `setUpgradeFW()` function in TOTOLINK T8 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the setUpgradeFW function in TOTOLINK T8 router microprogramming software is related to the lack of measures taken to clean data at the management level when processing the slaveIpList parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
Cross-site Scripting (XSS)
github.com/beego/beego is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper HTML escaping due to user-controlled data not being sanitized in the RenderForm function...
The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, stems from incorrect neutralization of special elements in the output data. This allows attackers to inject arbitrary SMTP commands.
The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability allows an attacker to inject arbitrary SMTP commands remotely...
The vulnerability of the cpython module in the Python programming language allows a perpetrator to execute arbitrary code.
The vulnerability of the cPython programming language in Python is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary code...
GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
GLPI use auxiliary/gather/glpiinventorypluginunauthsqli msf auxiliaryglpiinventorypluginunauthsqli show actions ...actions... msf auxiliaryglpiinventorypluginunauthsqli set ACTION msf auxiliaryglpiinventorypluginunauthsqli show options ...show and set options... msf...
The vulnerability of the Command Line Interface (CLI) on the Microsoft Azure platform, which allows a hacker to increase their privileges
The vulnerability of the Command Line Interface CLI of the Microsoft Azure platform is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the telnetd daemon in the microprogramming router Tenda AC15 allows a hacker to execute arbitrary commands.
The vulnerability of the telnetd microprogramming system for Tenda AC15 routers is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafted requests...
CVE-2025-25190
CVE-2025-25190 affects the ZOO-Project Web Processing Service (WPS) EchoProcess, where user input is echoed without proper sanitization. The vulnerability arises when handling complex inputs (XML, JSON, SVG); processing SVG content returned with image/svg+xml can expose arbitrary JavaScript via a...
CVE-2024-51550
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-6365
The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it...
The vulnerability of the telnetd daemon in the microprogramming-based router software of Tenda AC8, AC10, and AC18 allows a hacker to execute arbitrary commands.
The vulnerability of the telnetd microprogramming system for Tenda AC8, AC10, and AC18 routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2025-1260 · Tenda · Tenda Ac10 +2
Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions 16.03.10.20 Tenda AC10 versions 16.03.10.20 Tenda AC18 versions 16.03.10.20 Description: A critical issue has been found in the HTTP Request Handler component of the affected devices, specifically in the /goform/telnet file...
The vulnerability in the web interface of the microprogramming software for wireless client bridges from HPE Aruba Networking 501 allows a attacker to execute arbitrary code in the device’s basic operating system.
The vulnerability of the web interface for managing microprogramming software in HPE Aruba Networking 501 wireless client bridges is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the...