Lucene search

163 matches found

Cvelist
added 2022/02/22 10:44 p.m. | 12 views

CVE-2022-25081

TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

AI score: 10 | EPSS: 0.05664
Exploits: 1 | References: 1

CVE
added 2022/02/22 10:44 p.m. | 204 views

CVE-2022-25081

Totolink T10 firmware V5.9c.5061_B20200511 is affected by CVE-2022-25081, a command-injection in the Main function that allows arbitrary commands via the QUERY_STRING parameter. CVSS v3.1 base score 9.8 (CRITICAL) with network access, low attack complexity, and no authentication required. Several...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.05664
In wild | Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/02/22 10:44 p.m. | 184 views

CVE-2022-25080

CVE-2022-25080 affects TOTOLink A830R firmware, specifically version V5.9c.4729_B20191112, where the vulnerability is a command injection in the Main function. The issue allows remote attackers to execute arbitrary commands via the QUERY_STRING parameter, with impact described as potential remote...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.05664
In wild | Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/02/22 10:44 p.m. | 206 views

CVE-2022-25079

CVE-2022-25079 affects TOTOLink A810R firmware version 4.1.2cu.5182_B20201026. The issue is described as a command injection in the router’s Main function, allowing an attacker to execute arbitrary commands through the QUERY_STRING parameter. Multiple sources corroborate a remote, unauthenticated...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.05664
In wild | Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/02/22 10:44 p.m. | 15 views

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

AI score: 10 | EPSS: 0.05664
Exploits: 1 | References: 1

Cvelist
added 2022/02/22 10:44 p.m. | 12 views

CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

AI score: 10 | EPSS: 0.51028
Exploits: 1 | References: 1

CVE
added 2022/02/22 10:44 p.m. | 175 views

CVE-2022-25077

Affected device and version: TOTOLink A3100R, version 4.1.2cu.5050_B20200504. Vulnerability type: command injection in the Main function, exploitable via the QUERY_STRING parameter. Root cause described as lack of input validation/filtering in Main. Impact (as stated): attacker could execute arbi...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.51028
In wild | Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/02/22 10:44 p.m. | 17 views

CVE-2022-25078

TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

AI score: 10 | EPSS: 0.05664
Exploits: 1 | References: 1

Cvelist
added 2022/02/22 10:44 p.m. | 13 views

CVE-2022-25076

TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

AI score: 10 | EPSS: 0.05664
Exploits: 1 | References: 1

CVE
added 2022/02/22 10:44 p.m. | 229 views

CVE-2022-25075

CVE-2022-25075 affects TOTOLink A3000RU (V5.9c.2280_B20180512). A command‑injection vulnerability in the "Main" function allows execution of arbitrary commands via the QUERY_STRING parameter. Multiple sources (NVD, CNVD, CVE lists, vendor advisories) corroborate the flaw and its impact, which is ...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.42094
In wild | Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/02/22 10:44 p.m. | 24 views

CVE-2022-25075

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

AI score: 10 | EPSS: 0.42094
Exploits: 1 | References: 1

NVD
added 2022/02/04 2:15 a.m. | 10 views

CVE-2021-45742

TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

CVSS: 10 | EPSS: 0.18709
Exploits: 1 | References: 1

Prion
added 2022/02/04 2:15 a.m. | 15 views

Command injection

TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

CVSS: 10 | AI score: 9.9 | EPSS: 0.18709
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/02/04 1:33 a.m. | 13 views

CVE-2021-45742

TOTOLINK A720R v4.1.5cu.470B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

AI score: 10 | EPSS: 0.18709
Exploits: 1 | References: 1

NVD
added 2020/01/02 9:15 p.m. | 7 views

CVE-2013-1642

Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems, or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00566
Exploits: 1 | References: 3

Cvelist
added 2020/01/02 8:18 p.m. | 13 views

CVE-2013-1642

Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems, or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php...

AI score: 6.1 | EPSS: 0.00566
Exploits: 1 | References: 3

Prion
added 2019/10/22 10:15 p.m. | 7 views

Cross site scripting

In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00328
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/10/22 9:41 p.m. | 95 views

CVE-2019-16973

FusionPBX ≤ 4.5.7 is affected by a reflected XSS in app\contacts\contact_edit.php where an unsanitized URL query_string is echoed into HTML. This is the root cause: unsanitized input from the URL being reflected, enabling cross-site scripting. Exploitation details are not provided in the document...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00328
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/10/21 3:33 p.m. | 67 views

CVE-2019-16987

Summary: CVE-2019-16987 affects FusionPBX up to version 4.5.7. The vulnerability exists in the file app/contacts/contact_import.php, where an unsanitized query_string parameter from the URL is reflected in HTML, causing a reflected XSS. The linked Red Hat/NVD entries confirm the same issue. Impac...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00328
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/08/29 3:29 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00196
Exploits: 2 | References: 1 | Affected Software: 1