13 matches found
EUVD-2026-31651
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...
CVE-2026-2857
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation ...
D-Link DWR-M920 security vulnerability
The D-Link DWR-M920 is a 4G LTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that originates from malicious manipulation of the submit-url parameter of the sub41C7FC function in the /boafrm/formPinManageSetup file. An attacker can...
EUVD-2025-25586
Malicious code in bioql PyPI...
CVE-2025-9782
CVE-2025-9782 affects TOTOLINK A702R firmware version 4.0.0-B20211108.1423. The issue is in the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton, where manipulating the submit-url argument can cause a buffer overflow. This vulnerability can be exploited remotely, and public PoC/expl...
CVE-2025-4831
A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formSiteSurveyProfile of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...
TOTOLINK A720R, TOTOLINK A3002R and TOTOLINK A3002RU security vulnerability
TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK. TOTOLINK A3002RU is a wireless router product. TOTOLINK A720R is a wireless router. TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...
PT-2023-17033 · Sourcecodester · Sourcecodester Simple/Nice Shopping Cart Script
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description: A critical issue affects the processing of the file uploaderm.php, where the manipulation of the submit argument leads to unrestricted upload. The attack can be...
CVE-2011-5179
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter...
CVE-2012-0901
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter...
CVE-2008-1550
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter in a searchStr action and the (2) Submit parameter...
CVE-2005-1782
Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) addreview.htm, (2) suggestreview.htm, (3) suggestcategory.htm, (4) addbooklist.htm, or (5) addurl.htm, the isbn parameter to (6) addreview.htm, ...
CVE-2004-2656
Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R25041 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl...