39 matches found
EUVD-2018-8766
Malware in sbrugna...
EUVD-2008-2163
Malware in sbrugna...
EUVD-2004-2022
Malware in sbrugna...
CVE-2025-8203
CVE-2025-8203 affects Jingmen Zeyou Large File Upload Control up to 6.3. The vulnerability is an SQL injection in the /index.jsp file caused by manipulation of the id parameter, enabling remote exploitation. Multiple connected sources confirm a public exploit/disclosure and that vendor contact oc...
Jingmen Zeyou Large File Upload Control Injection Vulnerability
Jingmen Zeyou Large File Upload Control (the Zeyou full-platform file transfer solution) is a file transfer security storage platform from Jingmen Zeyou. Jingmen Zeyou Large File Upload Control 6.3 and previous versions have an injection vulnerability. The vulnerability stems from the...
CVE-2024-8526
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...
CVE-2024-8526
CVE-2024-8526 affects Automated Logic WebCTRL 7.0. An authenticated WebCTRL user visiting a specially crafted URL can be redirected to a malicious page via the application’s index.jsp, constituting an Open Redirect (CWE-601). The connected sources describe the vulnerability without providing explo...
CVE-2024-8526 Automated Logic WebCTRL and Carrier i-Vu Open Redirect
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"...
PT-2024-39076 · Automated Logic · Automated Logic Webctrl
Name of the Vulnerable Software and Affected Versions: Automated Logic WebCTRL version 7.0 Description: A vulnerability could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpag...
CVE-2024-1707
A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jspsettings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiat...
GHSA-C5VW-342H-X5RX Alkacon OpenCms Exposes JSP Source Code
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...
CVE-2021-27858
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of...
Cross site scripting
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp, hr/application.jsp, and hr/index.jsp with view= and data=...
CVE-2021-38583
CVE-2021-38583 affects openBaraza HCM 3.1.6, where a failure to properly neutralize user-controllable input enables a reflected XSS vulnerability. The issue is observed on multiple pages (hr/subscription.jsp, hr/application.jsp, and hr/index.jsp with view= and data=). Root cause: inadequate input...
CVE-2021-28126
index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a stored cross-site scripting (XSS) vulnerability...
Compass Plus e-Commerce Payment Gateway Cross-Site Scripting Vulnerability
Compass Plus e-Commerce Payment Gateway is an application interface of the Russian company Compass Plus. It provides an API interface for payment functions. A cross-site scripting vulnerability exists in TranzWare e-Commerce Payment Gateway before 3.1.27.5, which stems from a stored cross-site...
Cross site scripting
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
CVE-2020-35725
Affected software: Quest Policy Authority 8.1.2.200. Issue: Reflected XSS enabling remote attackers to inject arbitrary script via a crafted link to /WebCM/index.jsp using the msg parameter. Root cause: user-supplied msg value reflected in the page, enabling code execution in the browser. Impact:...
CVE-2020-35719
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
jobdiva.com Cross Site Scripting vulnerability OBB-1294002
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: jobdiva.com. Open Bug Bounty...