
1115 matches found

Github Security Blog
added 2022/07/15 3:37 p.m., 42 views

Whoogle Search Cross-site Scripting via string parameter

The package whoogle-search before version 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template...

6.1 CVSS, 2.2 AI score, 0.00772 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2022/07/15 3:37 p.m., 32 views

GHSA-MXVC-FWGX-J778 Whoogle Search Cross-site Scripting via string parameter

The package whoogle-search before version 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template...

5.4 CVSS, 5.9 AI score, 0.00772 EPSS
Exploits 0, References 7
NVD
added 2022/07/12 3:15 p.m., 9 views

CVE-2022-25303

The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template functio...

6.1 CVSS, 0.00772 EPSS
Exploits 0, References 3
Prion
added 2022/07/12 3:15 p.m., 14 views

Cross site scripting

The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template functio...

4.3 CVSS, 5.9 AI score, 0.00772 EPSS
Exploits 0, References 3, Affected Software 1
Packet Storm
added 2022/07/06 12:0 a.m., 349 views

EQS Integrity Line Cross Site Scripting / Information Disclosure

EQS Integrity Line: Multiple Vulnerabilities Name Multiple Vulnerabilities in EQS Integrity Line Systems Affected EQS Integrity Line through 2022-07-01 Severity High Impact CVSSv2 High 8.8/10, score: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor EQS Group AG https://www.eqs.com/ Advisory...

6.4 AI score, 0.01224 EPSS
Exploits 3
BDU FSTEC
added 2022/07/06 12:0 a.m., 4 views

The vulnerability of the __ajax_explorer.sgi file in D-Link DIR-645 router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the __ajax_explorer.sgi file of the D-Link DIR-645 router firmware is related to the failure to eliminate special elements used in the operating system’s processing of the QUERY_STRING parameter. Exploiting this vulnerability can allow an attacker to execute...

10 CVSS, 7.5 AI score, 0.06205 EPSS
Exploits 1, References 4, Affected Software 1
ATTACKERKB
added 2022/06/27 10:15 p.m., 1 views

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi...

9.8 CVSS, 5.5 AI score, 0.06205 EPSS
Exploits 1, References 3
OSV
added 2022/06/27 10:15 p.m., 2 views

CVE-2022-32092

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi...

9.8 CVSS, 6.9 AI score, 0.06205 EPSS
Exploits 1, References 2
CNNVD
added 2022/06/27 12:0 a.m., 2 views

D-Link DIR-645 Operating System Command Injection Vulnerability

The D-Link DIR-645 is a wireless router from China-based D-Link. An operating system command injection vulnerability exists in the D-Link DIR-645 v1.03, which originates from a command injection vulnerability in the QUERY_STRING parameter in the __ajax_explorer.sgi page...

9.8 CVSS, 7.8 AI score, 0.06205 EPSS
Exploits 1, References 3
BDU FSTEC
added 2022/06/22 12:0 a.m., 5 views

The vulnerability of the “Main” function in TOTOLINK A3000RU router firmware allows an intruder to execute arbitrary commands.

The vulnerability of the “Main” function in TOTOLINK A3000RU router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the QUERY_STRING parameter...

10 CVSS, 8.4 AI score, 0.57204 EPSS
Exploits 1, References 5, Affected Software 1
CNNVD
added 2022/06/17 12:0 a.m., 2 views

querymen Security Vulnerability

querymen is an individual developer's query string parser middleware for MongoDB, Express, and Node.js. A security vulnerability exists in querymen that stems from the middleware's susceptibility to prototype pollution...

7.5 CVSS, 7.3 AI score, 0.01074 EPSS
Exploits 1, References 2
Positive Technologies
added 2022/05/31 12:0 a.m., 4 views

PT-2022-3370 · D Link · D-Link Dir-645

Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 version 1.03 Description: The issue is related to a command injection vulnerability in the ajax explorer.sgi file of the D-Link DIR-645 router's firmware. This vulnerability arises from the failure to neutralize special element...

10 CVSS, 8.2 AI score, 0.06205 EPSS
Exploits 1, References 7
OSV
added 2022/05/14 3:8 a.m., 11 views

GHSA-VCQ7-X4WR-W2MJ Joomla! vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as...

5.3 CVSS, 5.6 AI score, 0.01089 EPSS
Exploits 2, References 5
CNVD
added 2022/05/07 12:0 a.m., 23 views

Secomea GateManager Information Disclosure Vulnerability

Secomea GateManager is a remote access server product from the Danish company Secomea. A security vulnerability exists in all versions of Secomea GateManager prior to 9.7. The vulnerability stems from the exposure of query string information in GET requests of the LMM API, which could be exploited ...

7.5 CVSS, 3.4 AI score, 0.00232 EPSS
Exploits 0, References 1
ATTACKERKB
added 2022/05/05 7:15 p.m., 3 views

CVE-2022-27411

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function...

10 CVSS, 5.9 AI score, 0.02423 EPSS
Exploits 1, References 2
OSV
added 2022/05/05 7:15 p.m., 2 views

CVE-2022-27411

TOTOLINK N600R v5.3c.5507B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function...

9.8 CVSS, 7.3 AI score, 0.02423 EPSS
Exploits 1, References 1
Positive Technologies
added 2022/05/05 12:0 a.m., 3 views

PT-2022-18408 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 5.3c.5507 B20171031 Description: A command injection issue was discovered via the QUERY STRING parameter in the Main function. This allows for potential exploitation. Recommendations: For TOTOLINK N600R version 5.3c.550...

10 CVSS, 9.6 AI score, 0.02423 EPSS
Exploits 1, References 3
CNNVD
added 2022/05/05 12:0 a.m., 3 views

TOTOLINK N600R Security Vulnerability

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK Electronics. TOTOLINK N600R has a command injection vulnerability, which originates from the "Main" function containing command injection, and can be exploited to execute arbitrary commands via the QUERY_STRING parameter...

10 CVSS, 8.8 AI score, 0.02423 EPSS
Exploits 1, References 2
Github Security Blog
added 2022/05/01 2:20 a.m., 31 views

Apache Struts Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

4.3 CVSS, 6.1 AI score, 0.25707 EPSS
Exploits 1, References 11, Affected Software 1
OSV
added 2022/04/25 4:16 p.m., 2 views

CVE-2022-0953

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

6.1 CVSS, 6.4 AI score, 0.02609 EPSS
Exploits 4, References 1