CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

CVE-2026-22678

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

CVE-2026-22678

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

CVE-2026-22678 Webmin < 2.641 Stored XSS via System and Server Status

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

CVE-2026-22678

Webmin

CVE-2026-22678 Webmin < 2.641 Stored XSS via System and Server Status

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

Webmin 跨站脚本漏洞

Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.641 contained a cross-site scripting vulnerability. This vulnerability stemmed from the email template description field in the System and Server...

PT-2026-42550

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary commands by injecting unsanitized input stored in save tmpl.cgi and...

EUVD-2025-209641

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

PT-2026-37054

Name of the Vulnerable Software and Affected Versions ISPConfig version 3.3.0 Description Cross Site Scripting XSS is possible via the system status webpage. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. The vulnerability affects the ISPConfig system-status UI, specifically the monitor/show_sys_state.php endpoint (state=server&server=[removed]...), allowing reflected user-supplied input to execute script in...

ISPConfig 跨站脚本漏洞

ISPConfig is a set of open-source host control panels based on Linux by the ISPConfig company. It allows for the management of multiple servers through a web-based control panel, the creation of websites, and the monitoring of server status. Version 3.3.0 of ISPConfig contains a cross-site...

CVE-2026-29510

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

CVE-2026-29513

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...

EUVD-2026-12460

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that...

EUVD-2026-12458

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...