30 matches found
CVE-2023-43790 iTop vulnerable to XSS in friendlyname in object details
iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0...
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217 , was discovered and reported to Belkin on...
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on...
Twonky Server Cross-Site Scripting Vulnerability
Twonky Server is the industry-leading DLNA/UPnP media server from Lynx Technology that enables the sharing of media content between connected devices. A cross-site scripting vulnerability exists in Twonky Server. A remote attacker can exploit this vulnerability to inject arbitrary web script or...
CVE-2018-7203
Cross-site scripting XSS vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/setall...
Cross site scripting
Cross-site scripting XSS vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/setall...
CVE-2018-7203
CVE-2018-7203 affects Twonky Server 7.0.11–8.5, with a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. The vulnerability is described in the NVD entry for CVE-2018-7203 and is corroborated by OpenVA...
CVE-2014-8508
Cross-site scripting XSS vulnerability in snetwork.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname...
Cross site scripting
Cross-site scripting XSS vulnerability in snetwork.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname...
CVE-2014-8508
Cross-site scripting XSS vulnerability in snetwork.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname...