CVE-2026-3188

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...

CVE-2026-3188

CVE-2026-3188 affects feiyuchuixue sz-boot-parent up to version 1.3.2-beta. The vulnerability resides in the API endpoint /api/admin/common/download/templates, where manipulating the templateName parameter can cause path traversal and enable remote exploitation. Public exploits exist. Remediation...

Sz-Admin 路径遍历漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individual developers. Versions of Sz-Admin such as 1.3.2-beta and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter templateName in...

EUVD-2022-33301

Malicious code in bioql PyPI...

EUVD-2022-33304

Malicious code in bioql PyPI...

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

PT-2023-12954 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Administration of Measurements website section, where a malicious user can edit or add the templateName parameter to include malicious code. This code is then downloaded as a...

Nokia NetAct 跨站脚本漏洞

Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include JavaScript code, which is then stored and executed by the...

Nokia NetAct 安全漏洞

Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include malicious code, which can then be downloaded as ...

CVE-2018-20420

In webERP 4.15, ZCreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter...

CVE-2005-3823

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...

CVE-2005-3823

CVE-2005-3823 affects vTiger CRM 4.2 and earlier. The Users module allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to eval. The connected sources provide no explicit remediation details; update/patch information is not inc...