9 matches found
CVE-2025-41025
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input sent in a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' and 'product' parameters in '/farm/sellproduct.php'...
CVE-2022-23771
This vulnerability occurs in the user account creation and deletion pages of IPTIME NAS products. The vulnerability could be exploited because of a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrar...
CVE-2025-41107
The CVE-2025-41107 entry describes a Stored XSS in Smart School 7.0 caused by insufficient validation of user input in a POST to /online_admission, affecting fields such as firstname, lastname, guardian_name, etc. The issue could allow a remote attacker to craft input that is processed by an auth...
CVE-2025-40703
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
OpenAtlas Cross-Site Scripting Vulnerability
OpenAtlas is an Android non-proxy dynamic deployment framework from the Austrian company OpenAtlas. A cross-site scripting vulnerability exists in OpenAtlas version v8.9.0, which stems from insufficient validation of user input in a POST request and could lead to a cross-site scripting attack...
GatesAir Maxiva Security Vulnerability
GatesAir Maxiva is a series of transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Maxiva UAXT Transmitter and VAXT Transmitter that stems from improperly validated POST request processing when debug mode is enabled, resulting in remote code execution...
ipTIME NAS Cross-Site Request Forgery Vulnerability
ipTIME NAS is a wireless router product from South Korea's ipTIME Corporation that provides NAS (network attached storage). A security vulnerability exists in ipTIME NAS that stems from a lack of validation of POST requests sent to a page. An attacker can exploit this vulnerability to delete user...
CVE-2020-10971
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...
Cross-Site Request Forgery (CSRF)
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information...