CVE-2026-10121

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keywordlist/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploi...

CVE-2023-34941

A stored cross-site scripting XSS vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no...

CVE-2023-34941

A stored cross-site scripting XSS vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no...

CVE-2023-34941

A stored cross-site scripting XSS vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no...

Cross site scripting

UNSUPPORTED WHEN ASSIGNED A stored cross-site scripting XSS vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only...

CVE-2023-34941

A stored cross-site scripting XSS vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no...

CVE-2023-34941

A stored cross-site scripting XSS vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no...

China’s Olympics App Is Horribly Insecure

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, ha...

CVE-2013-7277

Multiple cross-site scripting XSS vulnerabilities in Andy's PHP Knowledgebase Aphpkb before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to saa.php, 2 username parameter to login.php, or 3 keywordlist parameter to keysearch.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Andy's PHP Knowledgebase Aphpkb before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to saa.php, 2 username parameter to login.php, or 3 keywordlist parameter to keysearch.php...