Online Pet Shop We App 跨站脚本漏洞

Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A cross-site scripting vulnerability exists in SourceCodester Online Pet Shop We App version 1.0, which stems from the fact that incorrect manipulation of the parameter oid can lead to cross-site...

CVE-2019-11827

Cross-site scripting XSS vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the objectid parameter...

PT-2019-12512 · Synology · Note Station

Name of the Vulnerable Software and Affected Versions: Synology Note Station versions prior to 2.5.3-0863 Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the object id parameter. Recommendations: For versions prior to 2.5.3-0863, update...

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

CVE-2018-7765

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter...

CVE-2018-8914

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...