26 matches found
PT-2026-41126
Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 5.5.3 - 122 Description: An SQL Injection (SQLi) issue exists in the authenticated admin endpoint "admin area/action logs.php". The endpoint processes the type parameter, which is passed to the fetch action logs...
CVE-2026-7635 coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...
CVE-2025-59115
Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page, where input data is not properly validated. A malicious attacker can inject arbitrary HTML and JS into the website, which will be rendered/executed when an admin visits the logs page. Only version 4.1 was tested and confirmed as...
EUVD-2024-37259
Malicious code in bioql PyPI...
CVE-2023-27990
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through...
Cross site scripting
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'...
CVE-2022-47877
This CVE (CVE-2022-47877) affects Jedox 2020.2.5. Description: a Stored Cross-Site Scripting vulnerability allows remote, authenticated users to inject arbitrary web script or HTML into the Logs page via the log module (log). Impact: allows client-side script execution in users’ browsers when Log...
CVE-2022-45441
A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.13C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.13C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored...
PT-2023-1577 · Zyxel · Zyxel Nbg-418N
Name of the Vulnerable Software and Affected Versions: Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.13C0 Description: A cross-site scripting (XSS) vulnerability exists in the Zyxel NBG-418N v2 firmware, which could allow an attacker to store malicious scripts in the Logs page of the GUI o...
XSS affecting "Logs" Page
Description: A review of organizr's logging system found it is possible for an unauthenticated threat actor to inject arbitrary JavaScript into the "Logs" page found within the administrator dashboard. In a default installation organizr is set to log failed login attempts. In these attempts, the...
CVE-2018-1000508
WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in the Settings screen that can allow unauthorised users to do almost anything an admin can. This attack appears to be exploitable when an admin visits the logs page. This vulnerability appears to have been fixed in 3...
Sql injection
The iThemes Security better-wp-security plugin before 7.0.3 for WordPress allows SQL Injection by attackers with Admin privileges via the logs page...
CVE-2018-12636
The iThemes Security better-wp-security plugin before 7.0.3 for WordPress allows SQL Injection by attackers with Admin privileges via the logs page...