NETIS SYSTEMS MEX605 安全漏洞

NETIS SYSTEMS MEX605 is a wireless device from NETIS SYSTEMS, Inc. A security vulnerability exists in the NETIS SYSTEMS MEX605 version v2.00.06, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a...

NETIS SYSTEMS MEX605 安全漏洞

NETIS SYSTEMS MEX605 is a wireless device from NETIS SYSTEMS, Inc. A security vulnerability exists in the NETIS SYSTEMS MEX605 version v2.00.06 that stems from the presence of a cross-site scripting XSS vulnerability, which could allow an attacker to execute arbitrary web script or HTML...

CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the contex...

CMSimple 安全漏洞

CMSimple is a free content management system. A security vulnerability exists in CMSimple version v5.15. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

yapi 安全漏洞

YMFE YApi is a visual interface management platform from YMFE, Inc. A security vulnerability exists in yapi version v1.10.2, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted...

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2024-24950)

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...

MiniCMS 安全漏洞

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...

HadSky 跨站脚本漏洞

HadSky is an original open source php lightweight forum system by the Chinese company HadSky. A cross-site scripting vulnerability exists in HadSky v7.6.3, which originates from the presence of cross-site scripting in the remote linking functionality that allows an attacker to execute arbitrary w...

CVE-2022-34560

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

phpFox 安全漏洞

phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox version v4.8.9. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the History parameter...

CVE-2024-32206

A stored cross-site scripting XSS vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter...

CVE-2024-29958

Brocade SANnav (SANnav) up to v2.3.0a has a vulnerability where privileged users running the script to replace the SANnav Management Portal standby node can cause the encryption key to be printed to the console. This exposes the encryption key and creates an extra attack surface for key theft. Af...

TOTOLINK N300RT 安全漏洞

The TOTOLINK N300RT is a wireless router designed for home and small business users. The TOTOLINK N300RT suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the IP/Port Filtering feature of the Firewall page, an...

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

CVE-2024-32745

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...

CVE-2024-32338

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

CVE-2024-32743

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...