CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...
Hitachi Energy RTU500 Series Improper Neutralization of Input During Web Page Generation (CVE-2023-5767)
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized. This plugin only works with Tenable.ot. Please visit...
Cross site scripting
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized...
CVE-2023-5767
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized...
CVE-2021-20105
Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...
Open redirect
Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...
CVE-2021-20105
Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves update scripts from the internet...
Input validation
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves update scripts from the internet...
CVE-2019-3984
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves update scripts from the internet...
CVE-2019-3988
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the bssid parameter...
CVE-2019-3985
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the ssid parameter...
CVE-2019-3989
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...
Command injection
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the ssid parameter...
Input validation
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...
CVE-2019-3987
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the key parameter...
CVE-2019-3989
The Blink XT2 Sync Module firmware (pre-2.13.11) is affected by CVE-2019-3989, a remote OS command injection due to improper sanitization of internal network data. The vulnerability arises when the device constructs and executes OS commands from external input (notably via get_network()/get_netwo...
CVE-2019-3989
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...
Fortinet FortiWeb XSS Vulnerability (FG-IR-17-076)
Fortinet FortiWeb is prone to a cross-site scripting (XSS) vulnerability...
Adobe Flash Player <= 18.0.0.232 Multiple Vulnerabilities (APSB15-23)
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.232. It is, therefore, affected by multiple vulnerabilities: - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567,...