4 matches found
CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read, write, and delete
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...
Canon Oce Colorwave 500 Cross-Site Scripting Vulnerability (CNVD-2020-18990)
The Canon Oce Colorwave 500 is a printer from Canon Japan. A cross-site scripting vulnerability exists in the /TemplateManager/indexExternalLocation.jsp file of the web application in Canon Oce Colorwave 500 version 4.0.0.0. The vulnerability stems from the web application lacking proper validati...
CVE-2020-10667
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is maptemplatename. NOTE: this is fixed in the latest version...
Cross site scripting
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is maptemplatename. NOTE: this is fixed in the latest version...