17 matches found
Huly Platform security vulnerability
Huly Platform is an open-source integrated project management platform developed by Huly. Version 0.7.382 of Huly Platform contains a security vulnerability, which stems from the use of a hardcoded secret key in the SERVERSECRET parameter of the JWT Token Handler component...
Hospital Management System session function hard-coded key vulnerability
Hospital Management System is a hospital management system. Hospital Management System has a hard-coded key vulnerability that arises from the incorrect manipulation of the secret parameter by the session function in the express-session component, for which no detailed vulnerability details are...
litemall security vulnerability
litemall is a small mall system from the individual developer linlinjava. A security vulnerability exists in litemall 1.8.0 and earlier versions, which stems from the incorrect manipulation of the parameter SECRET in the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.jav...
CVE-2025-8759
The CVE-2025-8759 entry concerns TRENDnet TN-200 device version 1.02b02 where the Lighttpd component is affected. The root cause is manipulation of the secdownload.secret argument, with input neV3rUseMe, leading to the use of a hard-coded cryptographic key. This exposes potential remote exploitat...
TRENDnet TN-200 security vulnerability
TRENDnet TN-200 is a NAS media server from Trendnet, Inc. A security vulnerability exists in TRENDnet TN-200 version 1.02b02, which stems from the use of a hard-coded key in the parameter secdownload.secret...
PT-2025-1593 · Unknown · Flexmls Idx Plugin
Name of the Vulnerable Software and Affected Versions: Flexmls® IDX Plugin versions up to, and including, 3.14.26. Description: The issue is related to Stored Cross-Site Scripting via the api key and api secret parameters due to insufficient input sanitization and output escaping. This allows...
CVE-2024-27488
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...
CVE-2024-27488
ZLMediaKit versions 1.0–8.0 are affected by an Incorrect Access Control vulnerability that enables remote attackers to escalate privileges and obtain sensitive information. The issue stems from the application enabling the HTTP API interface by default and using a secret parameter for authenticat...
dro.pm cross-site scripting vulnerability
dro.pm is an application by the individual developer Luc Gommans, used to remove links, text and files for easy sharing. A cross-site scripting vulnerability exists in versions of dro.pm prior to fa73c3a42bc5c246a1b8f815699ea241aef154bb, which stems from a security issue in the unknown section of the fi...
PT-2023-15095 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33. Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflective cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input int...
PT-2022-11745 · Red Hat · Openshift Osin
Name of the Vulnerable Software and Affected Versions: OpenShift OSIN (affected versions not specified). Description: A vulnerability was found in OpenShift OSIN, classified as problematic. It affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads t...
Red Hat OpenShift security vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift OSIN that stems from an incorrect manipulation of the secret parameter resulting ...
EMC RSA Certificate Manager and RSA Registration Manager Cross-Site Scripting Vulnerability (CNVD-2015-01665)
EMC RSA Certificate Manager (RCM) and RSA Registration Manager (RRM) are both products of EMC Corporation. RCM is a digital certificate management system that provides automated implementation of encryption key and digital certificate management, and RRM is a certificate registration management syste...
CVE-2015-0521
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter...
CVE-2015-0521
CVE-2015-0521 is a stored XSS vulnerability affecting EMC RSA Certificate Manager (RCM) and RSA Registration Manager (RRM) prior to 6.9 Build 558. The issue involves the CMP shared secret parameter and can be exploited by remote authenticated users to inject arbitrary HTML/script in a user’s brow...
CVE-2014-4603
Multiple cross-site scripting (XSS) vulnerabilities in yupdatesapplication.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter...