Lucene search
+L

30 matches found

Cvelist
Cvelist
added 2024/04/15 5:10 p.m.21 views

CVE-2023-43790 iTop vulnerable to XSS in friendlyname in object details

iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0...

5.7CVSS5.7AI score0.0036EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/05/17 10:17 a.m.4 views

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217 , was discovered and reported to Belkin on...

9.8CVSS7.7AI score0.0099EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/05/17 10:17 a.m.46 views

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on...

7.8AI score0.0099EPSS
Exploits1
CNVD
CNVD
added 2018/04/02 12:0 a.m.18 views

Twonky Server Cross-Site Scripting Vulnerability

Twonky Server is the industry-leading DLNA/UPnP media server from Lynx Technology that enables the sharing of media content between connected devices. A cross-site scripting vulnerability exists in Twonky Server. A remote attacker can exploit this vulnerability to inject arbitrary web script or...

6.1CVSS6AI score0.02422EPSS
Exploits5References1
OSV
OSV
added 2018/03/30 9:29 p.m.5 views

CVE-2018-7203

Cross-site scripting XSS vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/setall...

6.1CVSS5.9AI score0.02422EPSS
Exploits5References2
Prion
Prion
added 2018/03/30 9:29 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/setall...

4.3CVSS6AI score0.02422EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2018/03/30 9:0 p.m.61 views

CVE-2018-7203

CVE-2018-7203 affects Twonky Server 7.0.11–8.5, with a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. The vulnerability is described in the NVD entry for CVE-2018-7203 and is corroborated by OpenVA...

6.1CVSS6AI score0.02422EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2014/11/06 3:55 p.m.21 views

CVE-2014-8508

Cross-site scripting XSS vulnerability in snetwork.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname...

4.3CVSS5.7AI score0.00981EPSS
Exploits0References2
Prion
Prion
added 2014/11/06 3:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in snetwork.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname...

4.3CVSS6.1AI score0.00981EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/11/06 3:0 p.m.29 views

CVE-2014-8508

Cross-site scripting XSS vulnerability in snetwork.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname...

5.7AI score0.00981EPSS
Exploits0References2
Rows per page
Query Builder