8 matches found
CVE-2026-20742
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route...
EUVD-2026-8943
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route...
CVE-2026-20742
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route...
CVE-2026-20742
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route...
CVE-2026-20742
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route...
CVE-2026-20742 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route...
CVE-2026-20742
CVE-2026-20742 is an OS command injection affecting XWEB Pro prior to 1.12.1. An authenticated attacker can trigger remote code execution by sending crafted input to the templates route. Affected product is XWEB Pro (Copeland XWEB family) with confirmed exposure in versions before 1.12.1. CVSS me...
PT-2026-22249
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is achieved by injecting malicious input into requests sent to the /templates route. The issue is an OS...