Lucene search

18 matches found

NVD
added 2026/03/26 10:16 a.m. · 3 views

CVE-2026-4862

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can b...

9 CVSS · 0.00062 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2026/03/26 9:0 a.m. · 1 views

CVE-2026-4862

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can b...

9 CVSS · 6.2 AI score · 0.00062 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2026/03/20 12:0 a.m. · 2 views

PT-2026-26627

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and...

9 CVSS · 7.8 AI score · 0.00062 EPSS
Exploits 0 · References 9

ATTACKERKB
added 2026/02/20 12:0 a.m. · 2 views

CVE-2026-26724

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint...

6 AI score · 0.00083 EPSS
Exploits 1 · References 2

OSV
added 2026/02/06 11:15 p.m. · 2 views

CVE-2026-2070

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public...

8.8 CVSS · 6.2 AI score · 0.00138 EPSS
Exploits 1 · References 4

CNVD
added 2025/09/25 12:0 a.m. · 2 views

UTT 1200GW Buffer Overflow Vulnerability (CNVD-2026-00811)

The UTT 1200GW is an enterprise-grade wireless router from Atech Technology UTT designed to meet the networking needs of small to medium-sized businesses or large space office environments. The UTT 1200GW suffers from a buffer overflow vulnerability that originates from the failure of the paramet...

9 CVSS · 8.2 AI score · 0.00247 EPSS
Exploits 1 · References 1

NVD
added 2025/09/04 12:15 p.m. · 2 views

CVE-2025-41038

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataGroupname' parameter in /apprain/admin/managegroup/add/...

5.4 CVSS · 0.0004 EPSS
Exploits 0 · References 1

Cvelist
added 2025/09/04 11:9 a.m. · 3 views

CVE-2025-41038 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataGroupname' parameter in /apprain/admin/managegroup/add/...

5.1 CVSS · 0.0004 EPSS
Exploits 0 · References 1

CVE
added 2025/09/04 11:9 a.m. · 7 views

CVE-2025-41038

CVE-2025-41038 concerns appRain CMF v4.0.5, where a stored authenticated XSS flaw exists due to insufficient validation of input in the endpoint /apprain/admin/managegroup/add/ (parameter: data[Group][name]). The issue, documented across multiple sources, allows injected scripts to be stored and ...

5.4 CVSS · 5.7 AI score · 0.0004 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/09/04 11:9 a.m. · 3 views

CVE-2025-41038 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataGroupname' parameter in /apprain/admin/managegroup/add/...

5.1 CVSS · 5.7 AI score · 0.0004 EPSS
Exploits 0 · References 1

Veracode
added 2025/05/20 9:7 a.m. · 12 views

Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization in the group name parameter of the /poller/groups form, which allows attackers to inject malicious scripts...

6.1 CVSS · 5.8 AI score · 0.00006 EPSS
Exploits 1 · References 6 · Affected Software 1

RedhatCVE
added 2025/05/19 4:36 p.m. · 14 views

CVE-2025-47931

LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting XSS Vulnerability in the group name parameter of the http://localhost/poller/groups form. This vulnerability allows attackers to inject malicious scripts into web...

6.1 CVSS · 5.9 AI score · 0.00006 EPSS
Exploits 1 · References 1

Snyk
added 2025/05/17 5:9 p.m. · 1 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the group name parameter of the http://localhost/poller/groups form. An attacker can...

6.1 CVSS · 5.3 AI score · 0.00006 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/05/17 12:0 a.m. · 3 views

PT-2025-21798 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 25.5.0 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability that affects the group name parameter of the "http://localhost/poller/groups" form. This allows attackers to inject malicious scripts...

6.1 CVSS · 5.2 AI score · 0.00006 EPSS
Exploits 1 · References 14

OSV
added 2021/08/23 12:15 p.m. · 1 views

CVE-2021-24561

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wpgroupname" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue...

5.4 CVSS · 5.8 AI score · 0.00357 EPSS
Exploits 2 · References 2

CNVD
added 2017/12/11 12:0 a.m. · 2 views

EyesOfNetwork add_modify_group.php SQL Injection Vulnerability

EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides business process configuration tools, generating pop-up windows when events occur in the active queue, etc. EyesOfNetwork web interface aka eonweb is one of the web interfaces. A SQL injection vulnerability...

7.2 CVSS · 8.5 AI score · 0.00407 EPSS
Exploits 1 · References 1

Prion
added 2017/10/24 10:29 p.m. · 13 views

Sql injection

SQL injection vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the groupname parameter to module/admingroup/addmodifygroup.php for insertgroup and updategroup...

6.5 CVSS · 7.3 AI score · 0.00407 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2015/01/01 11:0 a.m. · 19 views

CVE-2011-5299

Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupname parameter to...

5.8 AI score · 0.00225 EPSS
Exploits 1 · References 1