9 matches found
CVE-2025-0076
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0076
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0076
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ASUS RT-AX88U Cross-Site Scripting Vulnerability (CNVD-2023-63441)
The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a store...
CVE-2023-34360
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After logging in to the device with regular user privilege, a remote attacker can perform a Stored Cross-site...
PT-2023-7549 · Asus · Asus Rt-Ax88U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AX88U versions 3.0.0.4.388.23110 and prior Description: A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality. After a remote attacker logs in to the device with regular user privilege, they...
ASUS RT-AX88U Cross-Site Scripting Vulnerability
The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a store...
PT-2022-7786 · Unknown · Yuna Scatari Tbdev
Name of the Vulnerable Software and Affected Versions: Yuna Scatari TBDev versions up to 2.1.17 Description: A vulnerability has been found in Yuna Scatari TBDev, classified as problematic. The issue affects the function get user icons of the file usersearch.php. The manipulation of the argument...
CVE-2017-9279 NetIQ Identity Manager allowed uploading of user icons with incorrect types or extensions
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users...