21 matches found
EUVD-2019-2615
Malware in sbrugna...
CVE-2025-24810
Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen...
CVE-2024-41374
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php...
CVE-2025-24810
Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen...
CVE-2025-24810
Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen...
WordPress plugin Simple Image Sizes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site scripting...
CVE-2024-41374
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php...
CVE-2024-41374
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php. The public docs describe an XSS flaw in that file, but do not provide exploitation details. The root cause indicated is improper handling/sanitization in lib/settings-screen.php; CVSS indicates NETWORK vector with user ...
ICEcoder security vulnerability
ICEcoder is a browser-based code editor from ICEcoder open source. Allows users to code online or offline directly in a web browser. A security vulnerability exists in ICEcoder version 8.1, which stems from a discovery via lib/settings-screen.php that contains a cross-site scripting vulnerability...
PT-2024-29382 · Icecoder · Icecoder
Name of the Vulnerable Software and Affected Versions: ICEcoder version 8.1 Description: The issue is related to Cross Site Scripting (XSS) via the lib/settings-screen.php file. This allows for potential malicious script injection. Recommendations: For ICEcoder version 8.1, consider restricting...
Airspan AirSpot 5410 cross-site scripting vulnerability
The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from a failure of its binary component /home/www/cgi-bin/login.cgi to check that the user ...
CVE-2021-20812
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors...
Hardcoded credentials
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....
CVE-2018-16186
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....
JVN#55263945: Multiple vulnerabilities in RICOH Interactive Whiteboard
RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Command injection (CWE-94) - CVE-2018-16184

| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
| CVSS v2 | AV:N/AC:L/AU:N/C:C/I:C/A:C | Bas... |
Design/Logic Flaw
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen...
CVE-2018-13136
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen...
CVE-2018-1000508
WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in the Settings screen that can allow unauthorised users to do almost anything an admin can. This attack appears to be exploitable when an admin visits the logs page. This vulnerability appears to have been fixed in 3...
Cross site scripting
WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in the Settings screen that can allow unauthorised users to do almost anything an admin can. This attack appears to be exploitable when an admin visits the logs page. This vulnerability appears to have been fixed in 3...
Cross site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...