73 matches found
CVE-2026-34127 Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE
A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...
CVE-2026-7026
A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7026
A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7026 D-Link DGS-3420 System Information Settings cross site scripting
A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7026
A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been...
PT-2026-35207
A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been...
D-Link DGS-3420 跨站脚本漏洞
The D-Link DGS-3420 is a managed Gigabit Ethernet switch designed for enterprise networks by D-Link Corporation. The version 1.50.018 of the D-Link DGS-3420 contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of the System Name parameter in the System...
CVE-2026-32840
Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the systemnameset.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script...
itsourcecode Online Frozen Foods Ordering System SQL注入漏洞
itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which arises from incorrect handling of the parameter productname in the file admin/admin/editmenuaction.ph...
EUVD-2026-12651
Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the systemnameset.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script...
CVE-2026-32840
Edimax GS-5008PL firmware ≤ 1.00.54 contains a stored cross-site scripting vulnerability in system_name_set.cgi via the sysName parameter. A crafted POST enables script payloads that execute in administrators’ management pages (including system_data.js). Affected: GS-5008PL devices; impact descri...
CVE-2026-32840
Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the systemnameset.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script...
Edimax GS-5008PL 跨站脚本漏洞
The Edimax GS-5008PL is a Gigabit Ethernet switch produced by Edimax of Taiwan, China. Versions of the Edimax GS-5008PL prior to 1.00.54 contained a cross-site scripting vulnerability. This vulnerability stemmed from the systemnameset.cgi script, which had a storage-type cross-site scripting flaw...
CVE-2026-25073
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073 XikeStor SKS8310-8X Stored XSS via System Name
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073 XikeStor SKS8310-8X Stored XSS via System Name
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073
Summary: CVE-2026-25073 affects XikeStor SKS8310-8X Network Switch firmware prior to 1.04.B07. A stored cross-site scripting vulnerability exists in the System Name field due to improper output encoding, allowing authenticated attackers to inject and execute scripts in a victim’s browser when the...