13 matches found
NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44576)
NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi Consulting NeDi version 1.9C. The vulnerability can be exploited to execute arbitrary...
CVE-2020-15029
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter...
CVE-2020-15031
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter...
Cross site scripting
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter...
Cross site scripting
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter...
CVE-2020-15029
CVE-2020-15029 affects NeDi 1.9C, vulnerable to cross-site scripting (XSS) via the Assets-Management.php sn parameter. The issue is a client-side script injection risk in the web UI that could allow arbitrary JavaScript execution in authenticated or guest contexts depending on access, as describe...
CVE-2020-15031
CVE-2020-15031 concerns NeDi 1.9C, where a cross-site scripting (XSS) vulnerability exists in the Assets-Management.php chg parameter, allowing an attacker to execute arbitrary JavaScript code. The vulnerability is documented across multiple sources (NVD entry and Red Hat advisory), specifying th...
CVE-2018-20728
A cross-site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php...
CVE-2018-20728
A cross-site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php...
CVE-2018-11579
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv usage. Anyone can change the plugin's setting by simply sending a request with a...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
CVE-2005-2312
management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter...
CVE-2005-2312
Realnode Emilda 1.2.2 and earlier are affected by a vulnerability in management.php that allows remote attackers to perform actions as other users by modifying the user_id parameter. This represents a user-privilege escalation through parameter tampering, enabling potential unauthorized access to...