Lucene search
K

237 matches found

CNNVD
CNNVD
added 2022/10/27 12:0 a.m.5 views

GL.iNet GoodCloud 跨站脚本漏洞

GL.iNet GoodCloud is an IoT device management system from China's Guanglian Zhitong GL.iNet. A cross-site scripting vulnerability exists in GL.iNet GoodCloud version 1.00.220412.00, which stems from the presence of multiple stored cross-site scripting XSS vulnerabilities that could allow an...

5.4CVSS5.8AI score0.00451EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/10/27 12:0 a.m.29 views

CVE-2022-42054

Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

5.6AI score0.00451EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/10/27 12:0 a.m.38 views

CVE-2022-42055

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...

7.1AI score0.01721EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/27 12:0 a.m.8 views

CVE-2022-42054

Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

5.4AI score0.00451EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/27 12:0 a.m.9 views

CVE-2022-42055

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...

6.9AI score0.01721EPSS
Exploits1References1
CVE
CVE
added 2022/10/27 12:0 a.m.51 views

CVE-2022-42054

GL.iNet GoodCloud IoT Device Management System, v1.00.220412.00, contains multiple stored XSS vulnerabilities in the Company Name and Description fields. Root cause: insufficient input sanitization allowing injected scripts/HTML to be stored and later rendered. Impact per sources: potential arbit...

5.4CVSS5.3AI score0.00451EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/27 12:0 a.m.9 views

PT-2022-26224 · Gl.Inet · Gl.Inet Goodcloud Iot Device Management System

Name of the Vulnerable Software and Affected Versions: GL.iNet GoodCloud IoT Device Management System version 1.00.220412.00 Description: The issue concerns multiple stored cross-site scripting XSS vulnerabilities. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via...

5.4CVSS5.5AI score0.00451EPSS
Exploits1References3
NVD
NVD
added 2021/12/07 10:15 p.m.19 views

CVE-2021-44148

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...

6.1CVSS0.00648EPSS
Exploits1References1
CVE
CVE
added 2021/12/07 9:3 p.m.45 views

CVE-2021-44148

GL.iNet GL-AR150 2.x before 3.x devices configured as repeaters are affected by a cross‑site scripting (XSS) vulnerability in cgi-bin/router_cgi?action=scanwifi. An attacker can embed an XSS payload in the SSID name, triggering XSS. This is documented in CVE-2021-44148 (NVD/NVD-derived descriptio...

6.1CVSS6AI score0.00648EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/03/21 4:1 p.m.4 views

CVE-2019-6275

Command injection vulnerability in firmwarecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...

8.8CVSS7.6AI score0.12537EPSS
Exploits4References2
NVD
NVD
added 2019/03/21 4:1 p.m.20 views

CVE-2019-6274

Directory traversal vulnerability in storagecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences...

8.8CVSS9AI score0.11239EPSS
Exploits4References2
Prion
Prion
added 2019/03/21 4:1 p.m.16 views

Command injection

Command injection vulnerability in firmwarecgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...

6.5CVSS9AI score0.12537EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2019/03/21 4:1 p.m.21 views

Command injection

Command injection vulnerability in logincgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...

6.5CVSS9AI score0.12537EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2019/03/19 7:53 p.m.60 views

CVE-2019-6275

GL-AR300M-Lite (firmware 2.27) is affected by CVE-2019-6275 due to a command injection vulnerability in the firmware_cgi component, enabling arbitrary code execution. Affected product: GL.iNet GL-AR300M-Lite; vulnerability source: CVE entry and corroborating exploit listings. Technical details ac...

8.8CVSS9AI score0.12537EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2019/03/19 7:49 p.m.66 views

CVE-2019-6274

CVE-2019-6274 affects GL.iNet GL-AR300M-Lite devices with firmware 2.27, due to a directory traversal vulnerability in storage_cgi. The issue allows remote attackers to influence the system via directory traversal sequences (reported impact as unspecified in the CVE description), with exploit ref...

8.8CVSS8.9AI score0.11239EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2019/03/19 6:51 p.m.38 views

CVE-2019-6273

downloadfile in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files...

7.2AI score0.11535EPSS
Exploits4References2
CVE
CVE
added 2019/03/19 6:44 p.m.70 views

CVE-2019-6272

GL-AR300M-Lite devices (firmware 2.27) are affected by CVE-2019-6272 due to a vulnerability in login_cgi that enables authenticated command injection, potentially allowing arbitrary code execution. The issue is triggered after an attacker with prior login access sends crafted requests to login_cg...

8.8CVSS9AI score0.12537EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder