Lucene search
+L

7 matches found

CVE
CVE
added 2026/06/05 2:30 p.m.28 views

CVE-2026-11335

The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References6
CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23544)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...

9.8CVSS8AI score0.01416EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.9 views

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.4AI score0.00181EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/08/13 12:0 a.m.13 views

The vulnerability of the algDisable() function in the mod_form.so script of Linksys routers such as RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the algDisable function in the modform.so script of Linksys routers such as RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 lies in the fact that the operation’s output escapes the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

9CVSS8.3AI score0.00945EPSS
Exploits1References4Affected Software6
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.4 views

Xataface 跨站脚本漏洞

Xataface is a framework for building rich data-driven applications in PHP and MySQL by Steve Hannah, a personal developer. A cross-site scripting vulnerability in Xataface 2.x and prior versions, which stems from the testftp function in the install/installform.js.php file of its Installer...

6.1CVSS4.2AI score0.00507EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/07/15 12:0 a.m.18 views

PT-2021-3932 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: The issue exists in the telnet form.php script functionality, allowing for cross-site scripting vulnerabilities. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code...

9.6CVSS7.7AI score0.12293EPSS
Exploits1References5
OSV
OSV
added 2009/11/29 1:7 p.m.4 views

DEBIAN-CVE-2009-4032

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...

4.3CVSS5.7AI score0.05739EPSS
Exploits6References1
Rows per page
Query Builder