7660 matches found
Cross site scripting
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input alert1 as part of POST Request leads to cross site...
CVE-2018-25039 Thomson TCW710 RgUrlBlock.asp Persistent cross site scriting
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input alert1 as part of POST Request leads to cross site...
CVE-2018-25039 Thomson TCW710 RgUrlBlock.asp Persistent cross site scriting
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input alert1 as part of POST Request leads to cross site...
CVE-2018-25038 Thomson TCW710 RgDhcp Persistent cross site scriting
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input alert1 as part of POST Request leads to cross site scripting Persistent. It is possib...
CVE-2018-25038 Thomson TCW710 RgDhcp Persistent cross site scriting
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input alert1 as part of POST Request leads to cross site scripting Persistent. It is possib...
CVE-2018-25036
Thomson TCW710 ST5D.10.05 is affected by CVE-2018-25036 due to an unknown-functionality issue in /goform/RgTime. The vulnerability enables persistent cross-site scripting (XSS) via crafted POST input on TimeServer1/TimeServer2/TimeServer3 (e.g., >). The attack can be launched remotely and the ...
CVE-2018-25036 Thomson TCW710 RgTime Persistent cross site scriting
A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input alert1 as part of POST Request lead...
CVE-2018-25035 Thomson TCW710 RGFirewallEL Persistent cross site scriting
A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input alert1 as part of POST Request leads to cross site scripting...
CVE-2018-25034 Thomson TCW710 wlanPrimaryNetwork Persistent cross site scripting
A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input alert1 as part of POST Request leads to basic...
Cross site scripting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
CVE-2017-20036 PHPList Bounce Rule Persistent cross site scriting
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version...
CVE-2017-20035 PHPList Subscribe Persistent cross site scriting
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...
CVE-2017-20035 PHPList Subscribe Persistent cross site scriting
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...
CVE-2017-20034 PHPList List Name Persistent cross site scriting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
CVE-2017-20034 PHPList List Name Persistent cross site scriting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
Malicious code in @manomano-toolbox/catalog (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 710708eb64cdd24b39815c91bcdceb54510a8c06f3576ad492d96dd0eb259413 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ecobeeesss (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2ab9adb1a15eca97b37b0e75f6aa97b7592e2224418c1f284234b428b7f2655 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in d2l-rubric (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 551223fd7a2d9e356d5db1df39fab3d2dfe82a4c86215c43bdfea16345cb42d3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Buffer overflow
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...
CVE-2022-31479 Remote Code Execution via command injection of the hostname
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...