24 matches found
CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/deletebatch.php of the component Class Schedule Deletion Endpoint. Executing a manipulation of the argument bat...
CVE-2019-25419
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...
CVE-2019-25419
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...
CVE-2019-25419 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via schedule
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...
CVE-2019-25419
CVE-2019-25419 affects Comodo Dome Firewall 2.7.0 and describes a stored cross-site scripting flaw in the schedule endpoint. An attacker can submit POST requests containing JavaScript payloads in the SCHNAME parameter, which may execute in administrators’ browsers when the schedule page is viewed...
CVE-2019-25419 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via schedule
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...
CVE-2019-25419
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...
PT-2026-20822
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in...
Comodo Dome Firewall 跨站脚本漏洞
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the SCHNAME parameter in schedule...
CVE-2025-34260
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
CVE-2025-34260
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
CVE-2025-34260
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
CVE-2025-34260
Affected product: Advantech WISE-DeviceOn Server prior to 5.4. Vulnerability: Authenticated stored XSS via /rmm/v1/action/schedule when a schedule name is stored and later rendered without HTML escaping. Root cause: Lack of proper input validation/escaping for user-supplied data at the schedule e...
CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
EUVD-2025-201438
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
Advantech WISE-DeviceOn Server 跨站脚本漏洞
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
PT-2025-49281
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
CVE-2025-63718
A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...
PT-2025-45480
Name of the Vulnerable Software and Affected Versions SourceCodester PQMS version 1.0 Description A SQL injection issue exists in the Patient Queue Management System. The api patient schedule.php endpoint is affected because the appointmentID parameter does not receive proper sanitization,...