
10 matches found

RedhatCVE
added 2025/12/30 3:59 a.m. | 8 views

CVE-2025-15170

A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the...

CVSS 6.1 | AI score 5.4 | EPSS 0.00307
Exploits: 1 | References: 1

NVD
added 2025/12/29 4:15 a.m. | 5 views

CVE-2025-15170

A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the...

CVSS 6.1 | EPSS 0.00307
Exploits: 1 | References: 4

CVE
added 2025/12/29 3:32 a.m. | 12 views

CVE-2025-15170

Vulnerability summary (CVE-2025-15170) : Advaya Softech GEMS ERP Portal (≤ 2.1) contains a cross-site scripting flaw in the Error Message Handler. The issue arises from improper manipulation of the Message parameter in the file /home.jsp?isError=true, allowing remote exploitation. Public exploit ...

CVSS 6.1 | AI score 5.2 | EPSS 0.00307
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2023/05/24 9:15 p.m. | 18 views

SQL injection

SQL injection in "/Framewrk/Home.jsp" file POST method in tCredence Analytics iDEAL Wealth and Funds - 1.0 allows authenticated remote attackers to inject payload via "v" parameter...

CVSS 4 | AI score 6.9 | EPSS 0.0084
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/05/24 12:0 a.m. | 49 views

CVE-2022-30025

CVE-2022-30025 involves an SQL injection in tCredence Analytics iDEAL Wealth and Funds (version 1.0). The vulnerability exposes the POST parameter named v in the URL path "/Framewrk/Home.jsp" to authenticated remote attackers, enabling payload injection and potential data disclosure (as indicated...

CVSS 6.5 | AI score 6.8 | EPSS 0.0084
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2022/05/12 8:15 p.m. | 6 views

CVE-2022-22796

Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication...

CVSS 9.8 | AI score 5.8 | EPSS 0.0126
Exploits: 0 | References: 1

OSV
added 2020/03/19 11:15 p.m. | 9 views

CVE-2020-10669

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...

CVSS 7.5 | AI score 7.1 | EPSS 0.03463
Exploits: 2 | References: 3

Prion
added 2020/03/19 11:15 p.m. | 13 views

Authentication flaw

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...

CVSS 5 | AI score 7.6 | EPSS 0.03463
Exploits: 2 | References: 3 | Affected Software: 1

NVD
added 2020/03/19 7:15 p.m. | 14 views

CVE-2020-10668

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version...

CVSS 6.1 | AI score 6 | EPSS 0.01417
Exploits: 2 | References: 3

Prion
added 2020/03/19 7:15 p.m. | 9 views

Cross site scripting

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version...

CVSS 4.3 | AI score 5.9 | EPSS 0.01417
Exploits: 2 | References: 3 | Affected Software: 1