CVE-2026-2897
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be...
CVE-2025-11147
Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...
UBUNTU-CVE-2025-11147
Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”...
PT-2025-39820
Name of the Vulnerable Software and Affected Versions: Apt-Cacher-NG version 3.2.1 Description: A reflected cross-site scripting (XSS) issue exists in the web management application. This allows an attacker to execute malicious scripts. The issue is due to improper handling of GET inputs included in...
Apt-Cacher-NG Cross-Site Scripting Vulnerability
Apt-Cacher-NG is an open source caching proxy service. A cross-site scripting vulnerability exists in Apt-Cacher-NG version 3.2.1; it originates in /html/.html, which is susceptible to reflected cross-site scripting attacks...
CVE-2025-10787 MuYuCMS Add Fiend Link index.html server-side request forgery
A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...
Wavlink WL-WN578W2 Authorization Issue Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An authorization issue vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from improper privilege management of the parameter newpass/confpass in the file /sysinit.html, which can be exploited by an attacker t...
Linux Distros Unpatched Vulnerability : CVE-2023-4771
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code...
CVE-2025-43761
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated...
CVE-2025-0706
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely...
CVE-2024-13109
A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The...
UBUNTU-CVE-2023-4771
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information...
CVE-2023-6101
A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may ...
PT-2022-20714 · Proxmox · Proxmox Virtual Environment
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions prior to 7.2-3 Description: A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under the path "/api2/html/". This enables...
CVE-2022-27887
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
CVE-2022-26573
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...
3xLogic Infinias eIDC32 Authorization Issues Vulnerability
The 3xLogic Infinias eIDC32 is an access control controller from 3xLogic USA. A security vulnerability exists in the 3xLOGIC Infinias eIDC32 Web version 1.107 using firmware version 32 2.213, which originates from the program's authentication via client-side parsing of the <KEY>MYKEY</KEY> string...
Arbitrary File Deletion Vulnerability in 'hid_name' in OfficeTen Management System of NetEconomic Technology (Suzhou) Co.
OfficeTen is an enterprise next-generation converged communication product that integrates voice, data, security, and real-time communication applications, developed by Nethru Technology with independent innovation and its own intellectual property rights. Arbitrary file deletion vulnerability...