CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

CVE-2025-11190 CVE-2025-11190

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website...

CVE-2025-11189

CVE-2025-11189 affects the Kiwire Captive Portal. The vulnerability is a reflected cross-site scripting (XSS) flaw in the login-url parameter, enabling JavaScript execution. Documented across multiple feeds (NVD, Red Hat, EUVD/ENISA, CVE lists), with CVSSv3.1 base score 7.3 (HIGH), attack vector ...

PT-2022-27457 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.6.0 Description: A cross-site scripting XSS issue exists in the Url parameter of the "/login.php" API endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For EyouCMS...