Lucene search
K

310 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/15 1:58 p.m.6 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/15 1:58 p.m.24 views

CVE-2019-25371

CVE-2019-25371 affects OPNsense 19.1. It is a reflected cross-site scripting vulnerability in the diag_ping.php endpoint where insufficient input validation on the host parameter allows unauthenticated users to submit crafted POST requests and execute arbitrary JavaScript in other users’ browsers...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/15 1:58 p.m.31 views

CVE-2019-25371 OPNsense 19.1 Reflected XSS via diag_ping.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00241EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.10 views

PT-2026-8244

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag traceroute.php to execute...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.13 views

PT-2026-8243

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag ping.php endpoint with script payloads ...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.7 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Version Decivo OPNsense 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.9 views

Deciso OPNsense 跨站脚本漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Decivo OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the diagping.php endpoint, which ma...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References4
NVD
NVD
added 2026/01/30 5:16 p.m.3 views

CVE-2020-36966

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS0.00244EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/30 5:16 p.m.4 views

CVE-2020-36966

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS5.9AI score0.00244EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/30 4:32 p.m.6 views

CVE-2026-1689 Tenda HG10 Login formLogin checkUserFromLanOrWan command injection

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS7AI score0.02537EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/30 4:32 p.m.36 views

CVE-2026-1689 Tenda HG10 Login formLogin checkUserFromLanOrWan command injection

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS0.02537EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/30 4:16 p.m.3 views

CVE-2020-36966 Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS6AI score0.00244EPSS
Exploits0References3
CVE
CVE
added 2026/01/30 4:16 p.m.22 views

CVE-2020-36966

CVE-2020-36966 affects Dolibarr 11.0.3: a persistent XSS in LDAP synchronization (/dolibarr/admin/ldap.php) allows injection via host, slave, and port parameters, enabling arbitrary JavaScript execution and potential cookie theft. Public sources describe the vulnerability; no patch details are pr...

6.4CVSS6AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/30 4:16 p.m.43 views

CVE-2020-36966 Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS0.00244EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.25 views

PT-2026-5411

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4CVSS6AI score0.00244EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

Tenda HG10 command injection vulnerability

The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability stems from incorrect handling of parameters in the files /boaform/admin/formLogin, specifically the parameter Host,...

7.5CVSS7.1AI score0.02537EPSS
Exploits1References7
Hacker One
Hacker One
added 2026/01/20 9:29 p.m.11 views

Weblate: Argument Injection in /manage/ssh/ via host parameter leads to sensitive file disclosure on Weblate

A vulnerability was discovered in the SSH management interface of Weblate, a web-based translation tool. The vulnerability allowed an attacker with administrative privileges to inject command-line arguments into the host parameter, leading to sensitive file disclosure on the server. The vulnerabl...

9.1CVSS5.4AI score0.00447EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/09 11:50 a.m.7 views

CVE-2009-4717

Multiple cross-site scripting XSS vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the 1 host parameter to stat/host.php, nodayshow parameter to 2 mostvisitpage.php and 3 visitorduration.php in stat/, 4 nopagesmost parameter to...

4.3CVSS6AI score0.01303EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/07 11:10 p.m.31 views

CVE-2019-25290 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage

Smartliving SmartLAN/G/SI =6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through...

6.9CVSS0.00322EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.9 views

CVE-2019-7326

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console console.php because proper filtration is omitted. This relates to the index.php?view=monitor Host Name...

6.1CVSS5.8AI score0.009EPSS
Exploits1References1
Rows per page
Query Builder