Lucene search
+L

27 matches found

snyk
snyk
added 2026/05/05 9:50 p.m.16 views

Cross-site Scripting (XSS)

Overview ip-address is an A library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An attacker can execute...

6.1CVSS5.8AI score0.00471EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/04/07 12:0 a.m.6 views

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

6.2AI score0.00271EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/30 12:0 a.m.12 views

NetSetMan 缓冲区错误漏洞

NetSetMan is a network configuration management tool developed by the German company NetSetMan. Version 4.7.1 of NetSetMan contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the working group function, which could allow local attackers to cause the applicati...

6.9CVSS6.1AI score0.00221EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/03/26 3:14 p.m.4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.2AI score0.00453EPSS
Exploits1References1
euvd
euvd
added 2026/03/12 6:30 p.m.6 views

EUVD-2026-11625

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6AI score0.00453EPSS
Exploits1References2
osv
osv
added 2026/03/12 6:16 p.m.6 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.1AI score0.00453EPSS
Exploits1References1
nvd
nvd
added 2026/03/12 6:16 p.m.13 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS0.00453EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/03/12 12:0 a.m.2 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6AI score0.00453EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/03/12 12:0 a.m.9 views

GL-iNet GL-AR300M16 安全漏洞

GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The version GL-iNet GL-AR300M16 v4.3.11 contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the addgroup function, which may allow for the execution of arbitrary S...

8.8CVSS6.1AI score0.00453EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/03/12 12:0 a.m.5 views

PT-2026-25026

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add group function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6AI score0.00453EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/03/12 12:0 a.m.7 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6.1AI score0.00453EPSS
Exploits1References1
cvelist
cvelist
added 2026/03/12 12:0 a.m.42 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

0.00453EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 3:30 a.m.8 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

7.8CVSS5.7AI score0.00379EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/10/24 12:0 a.m.3 views

WordPress plugin Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4CVSS5.8AI score0.00304EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/12/29 12:0 a.m.7 views

PT-2023-29965

Name of the Vulnerable Software and Affected Versions Solar-Log Base 15 Firmware version 6.0.1 Build 161 Description A stored cross-site scripting XSS vulnerability in the switch group function under the /ilang=DE&b=c smartenergy swgroups endpoint in the web portal allows an attacker to escalate...

5.4CVSS6.2AI score0.00446EPSS
Exploits4References16
nvd
nvd
added 2023/03/16 10:15 p.m.22 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

7.8CVSS5.3AI score0.00379EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/03/16 12:0 a.m.11 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

5.3AI score0.00379EPSS
Exploits1References1
cvelist
cvelist
added 2023/03/16 12:0 a.m.35 views

CVE-2023-27059

A cross-site scripting XSS vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

5.4AI score0.00379EPSS
Exploits1References1
osv
osv
added 2022/08/25 2:15 p.m.6 views

CVE-2022-36520

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup...

9.8CVSS5.8AI score0.01011EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/08/01 12:0 a.m.7 views

TCL LinkHub Mesh Wi-Fi 缓冲区错误漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi that stems from a stack-based buffer overflow vulnerability in the confsrv addTimeGroup function of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially crafted network packet could...

9.8CVSS8.7AI score0.01061EPSS
Exploits1References3
Rows per page
Query Builder