13 matches found
CVE-2026-33136
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the `listar_memorandos_ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter, which is then directly echoed into...
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the `listar_memorandos_ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter, which is then directly echoed into...
EUVD-2026-13682
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the `listar_memorandos_ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter, which is then directly echoed into...
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the `listar_memorandos_ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter, which is then directly echoed into...
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the `listar_memorandos_ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter, which is then directly echoed into...
CVE-2026-33136
WeGIA Web Manager (versions ≤ 3.6.6) contains a Reflected XSS in listar_memorandos_ativos.php via the sccd parameter, where $_GET['sccd'] is echoed into the HTML without sanitization. This is triggered when $_GET['msg'] equals 'success' and results in an HTML alert containing the attacker-supplie...
CVE-2026-33136
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the `listar_memorandos_ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter, which is then directly echoed into...
PT-2026-26607
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the `listar_memorandos_ativos.php` endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the `sccd` GET parameter, which is then directly echoed in...
CVE-2021-40866
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the disabled by default /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8....
NETGEAR Security Vulnerability
GC108P and other smart switch products from Netgear, U.S.A. Several of Netgear's smart switches are vulnerable to an input validation error, which stems from a failure of the daemon to check for validation when an authentication TLV is missing from an incoming NSDP packet. An unauthenticated...
PT-2021-22993 · NetGear · Netgear Gc108P +15
Name of the Vulnerable Software and Affected Versions: NETGEAR GC108P versions prior to 1.0.8.2; NETGEAR GC108PP versions prior to 1.0.8.2; NETGEAR GS108Tv3 versions prior to 7.0.7.2; NETGEAR GS110TPP versions prior to 7.0.7.2; NETGEAR GS110TPv3 versions prior to 7.0.7.2; NETGEAR GS110TUP versions pri...
CVE-2013-5402
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...
CVE-2013-5402
CVE-2013-5402 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management and related IBM products (Asset Management Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; SmartCloud Control Desk; Tivoli Asset Management for IT; Tivol...