5 matches found
The vulnerability in the script htdocs/webinc/body/bsc_sms_send.php of the D-Link DIR-860L, DIR-865L, DIR-868L, DIR-880L routers allows an attacker to execute an XSS attack.
The vulnerability in the script htdocs/webinc/body/bsc_sms_send.php of the D-Link DIR-860L, DIR-865L, DIR-868L, and DIR-880L routers is related to improper validation of input data. Exploiting this vulnerability allows an attacker to execute XSS attacks through a specially created parameter for the...
SQL injection
Tabit - arbitrary SMS send on Tabit's behalf. The resend OTP API of Tabit allows an adversary to send messages on Tabit's behalf to anyone registered on the system. The API receives the parameters phone number and CustomMessage. We can use that API to craft malicious messages to any user of the...
CVE-2022-34771 Tabit - arbitrary SMS send on Tabit's behalf
Tabit - arbitrary SMS send on Tabit's behalf. The resend OTP API of Tabit allows an adversary to send messages on Tabit's behalf to anyone registered on the system. The API receives the parameters phone number and CustomMessage. We can use that API to craft malicious messages to any user of the...
CVE-2022-34771
CVE-2022-34771 concerns Tabit’s resend OTP API, which accepts parameters including a phone number and a CustomMessage. The connected sources describe an adversary being able to send messages on Tabit’s behalf to any registered user, potentially enabling template injection (e.g., using {{OTP}} in ...
lscat.cn XSS vulnerability
Vulnerable URL: http://www.lscat.cn/smstemplete/smssend.php?jsoncallback=prompt/OPENBUGBOUNTY/...