
20 matches found

Positive Technologies
added 2026/02/02 12:0 a.m. | 5 views

PT-2026-5662

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled...

CVSS 8.8 | AI score 5.6 | EPSS 0.00226
Exploits: 0 | References: 3
EUVD
added 2025/12/17 4:6 a.m. | 4 views

EUVD-2025-203875

Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...

CVSS 5.1 | AI score 6.3 | EPSS 0.00112
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/05 12:0 a.m. | 2 views

PT-2025-45159

Name of the Vulnerable Software and Affected Versions: SelfBest platform version 2023.3. Description: A DOM-based Cross-Site Scripting (XSS) issue exists in the SelfBest platform. This allows attackers to execute arbitrary JavaScript within a logged-in user's session. The attack vector involves...

CVSS 6.1 | AI score 5.8 | EPSS 0.00182
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-1354

Malware in sbrugna...

CVSS 3.6 | AI score 6 | EPSS 0.00963
Exploits: 1 | References: 28
RedhatCVE
added 2025/08/30 6:21 p.m. | 14 views

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

CVSS 6.1 | AI score 6.2 | EPSS 0.00712
Exploits: 0 | References: 1
OSV
added 2025/08/26 4:15 p.m. | 3 views

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

CVSS 6.1 | AI score 6 | EPSS 0.00712
Exploits: 0 | References: 2
CVE
added 2025/08/26 12:0 a.m. | 20 views

CVE-2025-56432

CVE-2025-56432 affects Nagios XI 2024R2. A cross-site scripting (XSS) vulnerability exists in a web component that renders performance-related data, allowing remote attackers to run arbitrary JavaScript in the context of a logged-in user via a specially crafted URL. The PT-2025-34786 entry confir...

CVSS 6.1 | AI score 6.2 | EPSS 0.00712
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/08/26 12:0 a.m. | 12 views

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

EPSS 0.00712
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/26 12:0 a.m. | 1 view

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

AI score 5.8 | EPSS 0.00712
Exploits: 0 | References: 2
Cvelist
added 2023/07/12 12:0 a.m. | 17 views

CVE-2023-36266

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 fixed in 17.2, and the KeeperFill Browser Extensions version 16.5.4 fixed in 17.2, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and...

AI score 5.9 | EPSS 0.00839
Exploits: 3 | References: 4
OSV
added 2023/01/17 10:15 a.m. | 1 view

CVE-2023-22286

Cross-site request forgery CSRF vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user...

CVSS 8.1 | AI score 7.4
Exploits: 0 | References: 2
ATTACKERKB
added 2022/05/04 2:15 p.m. | 1 view

CVE-2022-25778

Cross-Site Request Forgery CSRF vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session...

CVSS 8.8 | AI score 7.2 | EPSS 0.00256
Exploits: 0 | References: 2
OSV
added 2022/05/04 2:15 p.m. | 2 views

CVE-2022-25778

Cross-Site Request Forgery CSRF vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session...

CVSS 8.8 | AI score 7.3 | EPSS 0.00256
Exploits: 0 | References: 1
OSV
added 2022/05/04 2:15 p.m. | 2 views

CVE-2022-25781

Cross-site Scripting XSS vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session...

CVSS 6.1 | AI score 5.8 | EPSS 0.00452
Exploits: 0 | References: 1
CNNVD
added 2022/05/04 12:0 a.m. | 2 views

Secomea GateManager cross-site scripting vulnerability

Secomea GateManager is a remote access server product from the Danish company Secomea. Security vulnerabilities exist in versions prior to Secomea GateManager 9.7, which can be exploited by attackers to inject javascript or html into a logged-in user session...

CVSS 6.1 | AI score 6.3 | EPSS 0.00452
Exploits: 0 | References: 2
Cvelist
added 2020/07/09 2:48 p.m. | 26 views

CVE-2020-13992

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...

AI score 6.5 | EPSS 0.01205
Exploits: 1 | References: 1
OSV
added 2020/04/10 12:15 a.m. | 1 view

CVE-2019-18375

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console...

CVSS 6.5 | AI score 5.8 | EPSS 0.01231
Exploits: 0 | References: 1
NVD
added 2012/08/15 9:55 p.m. | 12 views

CVE-2012-2770

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...

CVSS 5 | AI score 6.4 | EPSS 0.01362
Exploits: 0 | References: 4
UbuntuCve
added 2012/08/15 9:55 p.m. | 17 views

CVE-2012-2770

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...

CVSS 5 | AI score 5.9 | EPSS 0.01362
Exploits: 0 | References: 1
Cvelist
added 2012/08/15 9:0 p.m. | 20 views

CVE-2012-2770

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...

AI score 6.3 | EPSS 0.01362
Exploits: 0 | References: 4