EUVD-2024-46631
Malicious code in bioql PyPI...
CVE-2024-5409
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...
PT-2024-36025 · Rhinos +1
Name of the Vulnerable Software and Affected Versions: RhinOS versions 3.0-1190
Description: The issue allows for an XSS attack via the tamper parameter in the "/admin/lib/phpthumb/phpthumb.php" API endpoint. An attacker could create a malicious URL and send it to a victim to obtain their session...
RhinOS cross-site scripting vulnerability
RhinOS is a web development framework. RhinOS version 3.0-1190 contains a cross-site scripting (XSS) vulnerability via the tamper parameter in /admin/lib/phpthumb/phpthumb.php, which allows an attacker to create malicious URLs in order to...
CVE-2020-6879
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule...