143 matches found
CVE-2025-29306
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component...
CVE-2025-29306
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component...
PT-2025-13394
Name of the Vulnerable Software and Affected Versions FoxCMS version 1.2.5 Description An issue in FoxCMS allows a remote attacker to execute arbitrary code via the case display page in the index.html component. The vulnerability is related to a remote code execution issue. Recommendations For...
FoxCMS 代码注入漏洞
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS version 1.2.5, which originates from the index.html component that allows execution of arbitrary code...
CVE-2025-29306
FoxCMS v1.2.5 (and older) contains CVE-2025-29306, a remote code execution via the id parameter on /images/index.html caused by unsafe handling of user input (unserialize()). Unauthenticated attackers can trigger arbitrary PHP code, potentially leading to full server compromise. Affected endpoint...
CVE-2025-26206
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...
CVE-2025-26206
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...
CVE-2024-31973
Hitron CODA-4582 2AHKM-CODA4589 devices (firmware version 7.2.4.5.1b8) are affected by CVE-2024-31973, a stored XSS vulnerability in the SSID field of the /index.html#wireless_basic page. The issue allows a remote attacker within Wi‑Fi proximity to inject script via the Network Name (SSID) input,...
CVE-2024-31973
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name SSID' input fields to the /index.htmlwirelessbasic page...
CVE-2024-8337
A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contactname leads to cross site scripting. The attack may be...
CVE-2024-8337 SourceCodester Contact Manager with Export to VCF index.html cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contactname leads to cross site scripting. The attack may be...
CVE-2024-8337
The CVE-2024-8337 entry affects SourceCodester Contact Manager with Export to VCF 1.0. The vulnerability is a Cross-Site Scripting in the index.html, caused by manipulating the contact_name argument. Affected functionality is unknown in detail across sources, but multiple documents state the issu...
CVE-2024-42939
CVE-2024-42939 affects YZNCMS v1.4.2, specifically the /index/index.html component. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary web scripts or HTML via a crafted payload placed in the configured remarks text field. Public details confirm the ...
httpd security update
2.4.57-11.0.1.el94.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-11.1 - Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves: RHEL-53021 - Regression introduced by...
httpd:2.4 security update
httpd 2.4.37-65.0.1.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.1 - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in modrewrite CVE-2024-38474 - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in modproxy CVE-2024-38473 - Resolves:...
CVE-2024-37681
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html component...
Shanxi Internet Chuangxiang Technology the background management system security vulnerability
Shanxi Internet Chuangxiang Technology the background management system is a background management system of Shanxi Internet Chuangxiang Technology. A security vulnerability exists in Shanxi Internet Chuangxiang Technology the background management system version v1.0.1, which could allow a remot...
CVE-2024-37681
The CVE-2024-37681 entry concerns Shanxi Internet Chuangxiang Technology Co., Ltd. v1.0.1. Multiple sources (NVD/Red Hat/CNNVD/CVE list) confirm a DoS condition that can be triggered remotely via the index.html component of the background management system. The vulnerability is described as an is...
CVE-2024-28823
Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...
CVE-2024-28823
Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...