11 matches found
CVE-2025-12511
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring DSM extenstio configuration modules allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...
EUVD-2026-0857
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring DSM extenstio configuration modules allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...
PT-2026-1287
Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 25.10.0 through 25.10.0 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 24.04.0 through 24.04.7 Description The software contains an Improper Neutralization of...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
TYPO3 SQL Injection in dbal
A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sqlquery are vulnerable, even if arguments were properly escaped with...
K75532331: iRulesLX debug NodeJS vulnerability CVE-2019-6644
Security Advisory Description Similar to the issue identified in CVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. CVE-2019-6644 Impac...
OpenConext-EngineBlock 5.7.3 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 XSS vulnerabilities were found in multiple pages that allows an attacker to inject arbitrary web scripts. The Twig PHP extension configuration was not sanitizing user input before display it to the user. Issues fixed in version 5.7.4 and 5.8.0. Git...
Fedora 20 : ReviewBoard-1.7.17-1.fc20 / python-djblets-0.7.23-1.fc20 (2013-20749)
New upstream security release 1.7.17 - http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.17/ - Resolves: CVE-2013-4519 - Security Fixes : - Fixed XSS vulnerabilities for the 'Branch' field and uploaded file captions. - Added a 'X-Frame-Options' header to prevent clickjacking. - New...