CVE-2026-34127 Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

D-Link DGS-3420 跨站脚本漏洞

The D-Link DGS-3420 is a managed Gigabit Ethernet switch designed for enterprise networks by D-Link Corporation. The version 1.50.018 of the D-Link DGS-3420 contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of the System Name parameter in the System...

CVE-2026-32840

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the systemnameset.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script...

EUVD-2026-12651

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the systemnameset.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script...

CVE-2023-1961

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=systeminfo. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the...

Trimble SPS851 代码注入漏洞

The Trimble SPS851 is a modular GPS receiver from Trimble. A code injection vulnerability exists in the Trimble SPS851 version 488.01, which stems from the fact that incorrect manipulation of the parameter System Name can lead to cross-site scripting attacks...

CVE-2024-51008

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the systemname parameter at wizdyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

NETGEAR XR300 安全漏洞

The NETGEAR XR300 is a wireless router from NETGEAR. A command injection vulnerability exists in NETGEAR XR300 v1.0.3.78, which stems from the systemname parameter in the geniedyn.cgi component failing to properly filter constructed command special characters, commands, and so on. An attacker cou...

NETGEAR XR300 安全漏洞

The NETGEAR XR300 is a wireless router from NETGEAR. NETGEAR XR300 version v1.0.3.78 suffers from a command injection vulnerability that stems from the systemname parameter in the wizdyn.cgi component failing to properly filter constructed command special characters, commands, and so on. An...

PT-2024-8274 · NetGear · Netgear Xr300

Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.78 Description: The issue is related to a command injection vulnerability in the system name parameter at the "genie dyn.cgi" endpoint. This vulnerability allows attackers to execute arbitrary OS commands via a...

PT-2024-8535 · NetGear · Netgear Xr300

Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.78 Description: The issue is related to a command injection vulnerability in the system name parameter at the "wiz dyn.cgi" endpoint. This vulnerability can be exploited by sending a specially crafted request,...

Online Computer and Laptop Store 跨站脚本漏洞

Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero Personal Developer. A cross-site scripting vulnerability exists in Online Computer and Laptop Store version 1.0, which originates from a cross-site scripting vulnerability in the System Name parameter of the...