1177 matches found
The vulnerability in the web interface of the operating system PAN-OS, which allows a perpetrator to execute arbitrary commands
The vulnerability in the web interface of the operating system PAN-OS is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...
Cross-Site Scripting (XSS)
barryvdh/laravel-translation-manager is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to incorrect input validation and sanitization of user-input data, allowing attackers to inject arbitrary HTML or JavaScript code...
CVE-2025-48489
CVE-2025-48489 affects FreeScout (PHP/Laravel) prior to version 1.8.180. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient data validation and sanitization during data reception. Evidence across multiple sources confirms the vulnerability and notes that it has been pa...
Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073
The "Simple Klaro" module adds the "Klaro! A Simple Consent Manager" to your website and allows you to configure it according to your needs in the Drupal backend. The module doesn't sufficiently sanitise data attributes allowing persistent Cross Site Scripting XSS attacks. This vulnerability is...
CVE-2023-28637
DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...
Remote Code Execution (RCE)
srfeuserregister is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation and insufficient sanitization of user-supplied data, which allows attackers to inject and execute arbitrary PHP code on the server...
The vulnerability of the formSysCmd function in the microprogramming software of the D-Link DIR-600L router allows a hacker to execute arbitrary commands.
The vulnerability of the formSysCmd function in the microprogramming system of the D-Link DIR-600L router is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the host parameter...
The vulnerability of the formSetSambaConf() function in the Tenda AC9 router software allows a hacker to execute arbitrary code.
The vulnerability of the formSetSambaConf function in the Tenda AC9 router software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the wake_on_lan function in D-Link DIR-600L router software allows a hacker to execute arbitrary commands.
The vulnerability of the wakeonlan function in D-Link DIR-600L router software lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the host parameter...
CVE-2022-2146
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting...
CVE-2022-1546
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1416
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...
CVE-2022-36325
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...
CVE-2022-2593
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...
CVE-2022-1023
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file...
CVE-2021-37365
CTparental before 4.45.03 is vulnerable to cross-site scripting XSS in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...
CVE-2021-25066
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-41844
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...
CVE-2021-35502
app/View/Elements/genericElements/IndexTable/Fields/genericfield.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index...
CVE-2021-24624
The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks...