CVE-2018-25316

CVE-2018-25316 affects Tenda W308R v2 (firmware V5.07.48). The issue is a cookie session weakness where insufficient session validation allows unauthenticated attackers to modify DNS settings via the goform/AdvSetDns endpoint by sending a crafted admin language cookie, enabling DNS changes that r...

CVE-2025-41357 Reflected Cross-Site Scripting on Anon Proxy Server

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

PT-2025-44168

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description The software contains a stored cross-site scripting XSS issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the SERVICE,...

PT-2025-44177

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the TLS...