Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict due to case-sensitive handling of the host matching process. An attacker can bypass access control policies by sending requests with hostnames that differ only in letter casing, potentially gaining unauthorized...

Object Injection

ezsystems/ezpublish-legacy is vulnerable to Object Injection. The vulnerability due to in the Legacy Shop module which allows an attacker with backend editor privileges to manipulate the discount rule settings...

CVE-2018-5967

Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page...

CVE-2018-5967

CVE-2018-5967 affects Netis WF2419 devices (v2.2.36123) where the Description field on the Bandwidth Control Rule Settings page is vulnerable to XSS. The root cause is inadequate filtering of user-supplied data in that Description parameter, allowing a remote attacker to inject script/HTML into t...

Netis WF2419 Cross-Site Scripting Vulnerability

Netis WF2419 is a wireless router product from China Tandan Network NETIS. A cross-site scripting vulnerability exists in the Netis WF2419 version 2.2.36123, which is caused by the program failing to adequately filter user-submitted data. The vulnerability can be exploited by a remote attacker to...