107 matches found

CVE
added 2024/04/05 12:0 a.m. | 63 views

CVE-2023-49965

The vulnerability CVE-2023-49965 affects SpaceX Starlink Wi‑Fi router Gen 2 prior to 2023.48.0. The Setup Page accepts ssid and password parameters that enable Cross‑Site Scripting (XSS). Impact is user‑revealed data and potentially browser‑based script execution on affected hosts; exploitation d...

CVSS 6.8 | AI score 6 | EPSS 0.00281
Exploits 0 | References 1

Cvelist
added 2024/04/05 12:0 a.m. | 20 views

CVE-2023-49965

SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page...

AI score 6 | EPSS 0.00281
Exploits 0 | References 1

Vulnrichment
added 2024/04/01 2:0 p.m. | 12 views

CVE-2024-3125 Zebra ZTC GK420d Alert Setup Page settings cross site scripting

A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit h...

CVSS 3.3 | AI score 6.2 | EPSS 0.00071
Exploits 0 | References 4

Cvelist
added 2024/04/01 2:0 p.m. | 12 views

CVE-2024-3125 Zebra ZTC GK420d Alert Setup Page settings cross site scripting

A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit h...

CVSS 3.3 | AI score 3.9 | EPSS 0.00071
Exploits 0 | References 4

CVE
added 2024/04/01 2:0 p.m. | 44 views

CVE-2024-3125

The CVE-2024-3125 entry concerns Zebra ZTC GK420d v1.0, specifically the Alert Setup Page component (settings) where the Address parameter can be manipulated to trigger cross-site scripting. It is exploitable remotely and the exploit has been disclosed. Documented impact is limited to I (integrit...

CVSS 3.3 | AI score 3.4 | EPSS 0.00071
Exploits 0 | References 4

Positive Technologies
added 2024/04/01 12:0 a.m. | 2 views

PT-2024-23892 · Zebra · Zebra Ztc Gk420D

Name of the Vulnerable Software and Affected Versions: Zebra ZTC GK420d version 1.0
Description: A problematic issue was found in the Alert Setup Page component, specifically affecting the /settings file. The manipulation of the Address argument leads to cross-site scripting. This issue can be...

CVSS 3.3 | AI score 6.8 | EPSS 0.00071
Exploits 0 | References 6

CNNVD
added 2024/04/01 12:0 a.m. | 2 views

Zebra ZTC GK420d cross-site scripting vulnerability

The Zebra ZTC GK420d is a desktop printer from Zebra. A cross-site scripting vulnerability exists in the Zebra ZTC GK420d version 1.0, which originates from unknown code in file /settings in the component Alert Setup Page, leading to cross-site scripting via the parameter Address...

CVSS 3.3 | AI score 4 | EPSS 0.00071
Exploits 0 | References 5

OSV
added 2024/03/20 3:15 p.m. | 0 views

CVE-2024-29419

There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013...

CVSS 5.4 | AI score 5.8 | EPSS 0.00079
Exploits 1 | References 2

Cvelist
added 2024/03/20 12:0 a.m. | 19 views

CVE-2024-29419

There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013...

AI score 6 | EPSS 0.00079
Exploits 1 | References 2

CVE
added 2024/03/20 12:0 a.m. | 59 views

CVE-2024-29419

TOTOLINK X2000R is affected by a Cross-site Scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page. The issue exists in versions prior to v1.0.0-B20231213.1013, with the likely impact being execution of arbitrary script within the device’s web UI. Remediation per PT-2024...

CVSS 5.4 | AI score 6 | EPSS 0.00079
Exploits 1 | References 2 | Affected Software 1

OSV
added 2024/01/16 11:15 a.m. | 0 views

CVE-2024-0554

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious JavaScript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...

CVSS 5.4 | AI score 5.7
Exploits 0 | References 1

Positive Technologies
added 2024/01/03 12:0 a.m. | 2 views

PT-2024-14839 · Genie Company · Aladdin Connect

Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Retrofit-Kit Model ALDCM affected versions not specified
Description: Unauthenticated access is permitted to the web interface page "Garage Door Control Module Setup" of The Genie Company Aladdin Connect...

CVSS 8.2 | AI score 8.8 | EPSS 0.00222
Exploits 0 | References 6

CNNVD
added 2023/09/22 12:0 a.m. | 2 views

WordPress plugin Welcart e-Commerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in Welcart...

CVSS 6.1 | AI score 5.8 | EPSS 0.0032
Exploits 0 | References 4

OSV
added 2023/06/07 2:15 a.m. | 0 views

CVE-2020-36716

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

CVSS 7.3 | AI score 5.8 | EPSS 0.00105
Exploits 1 | References 3

NVD
added 2023/06/07 2:15 a.m. | 11 views

CVE-2020-36716

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

CVSS 7.3 | AI score 7.1 | EPSS 0.00105
Exploits 1 | References 3

CNNVD
added 2023/06/07 12:0 a.m. | 1 views

WordPress Plugin WP Activity Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 7.3 | AI score 7.3 | EPSS 0.00105
Exploits 1 | References 4

OSV
added 2023/04/28 7:15 p.m. | 1 views

CVE-2023-2387

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmzsetup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cro...

CVSS 4.8 | AI score 3.7 | EPSS 0.00369
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 4:11 a.m. | 1 views

SUSE CVE-2019-12922

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...

CVSS 6.5 | AI score 8.1 | EPSS 0.31957
Exploits 5 | References 5

NVD
added 2022/10/27 2:15 p.m. | 6 views

CVE-2022-42993

Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page...

CVSS 5.4 | EPSS 0.00406
Exploits 1 | References 3

OSV
added 2022/10/27 2:15 p.m. | 0 views

CVE-2022-42993

Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page...

CVSS 5.4 | AI score 5.7
Exploits 0 | References 3