CVE-2023-54343

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

CVE-2023-54343

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

PT-2026-5574

QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...

GHSA-R7VR-WG3F-8HR9 Concrete5 CMS contains an XPath injection vulnerability

Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...

CVE-2024-44413

CVE-2024-44413 describes a critical command-injection flaw in the D-Link DI_8200 family (example: DI_8200-16.07.26A1). The issue arises in the upgrade_filter_asp function inside upgrade_filter.asp where manipulating the path parameter can lead to arbitrary command execution. Connected sources con...

CVE-2024-44413

A vulnerability was discovered in DI8200-16.07.26A1, which has been classified as critical. This issue affects the upgradefilterasp function in the upgradefilter.asp file. Manipulation of the path parameter can lead to command injection...