Mozilla Firefox Information Disclosure Vulnerability (CNVD-2020-73178)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox, which stems from a stream-based technique that allows an attacker to obtain information about other hosts on the intranet of a local...

Cross site scripting

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...

CVE-2019-17524

CVE-2019-17524 describes an XSS vulnerability affecting Technicolor TC7300 STFA.51.20 devices. The issue stems from the web interface where an attacker can inject arbitrary script via the "Connected Clients" field to /wlanAccess.asp; an intranet host can exploit this with a crafted hostname. Mult...

CVE-2019-17524

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this...

SSRF Vulnerability in Jspxcms Enterprise Open Source Web Content Management System

jspxcms is an open source, Java-based content management system CMS. An SSRF vulnerability exists in the source and upfile parameters of the classes\com\jspxcms\core\web\fore\UploadController.java file in Jspxcms, which allows an attacker to initiate a request to an intranet host to obtain the...

CVE-2014-4746

CVE-2014-4746 affects IBM WebSphere Portal: 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01. The issue arises from returning different error codes for firewall-traversal requests based on whether the intranet host exists, enabling remote attackers to map the intranet network via a series of requ...