7 matches found
CVE-2026-11335
The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23544)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...
AndSoft e-TMS 跨站脚本漏洞
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
The vulnerability of the algDisable() function in the mod_form.so script of Linksys routers such as RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the algDisable function in the modform.so script of Linksys routers such as RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 lies in the fact that the operation’s output escapes the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
Xataface 跨站脚本漏洞
Xataface is a framework for building rich data-driven applications in PHP and MySQL by Steve Hannah, a personal developer. A cross-site scripting vulnerability in Xataface 2.x and prior versions, which stems from the testftp function in the install/installform.js.php file of its Installer...
PT-2021-3932 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: The issue exists in the telnet form.php script functionality, allowing for cross-site scripting vulnerabilities. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code...
DEBIAN-CVE-2009-4032
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...