5 matches found
CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
CVE-2026-7016
A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...
Linux Distros Unpatched Vulnerability : CVE-2020-4049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in...
CVE-2021-31803
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile SEC-581...
CVE-2018-20948
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration SEC-383...