58 matches found
CVE-2025-15094
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...
EUVD-2025-205405
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing manipulation of the argument redirectUrl can...
EUVD-2005-1747
Malware in sbrugna...
EUVD-2020-15901
Malware in sbrugna...
EUVD-2025-22532
Malicious code in bioql PyPI...
CVE-2025-41420
A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-41420
CVE-2025-41420 concerns WWBN AVideo 14.4 and the dev master commit 8a8954ff, where the PHP file view/userLogin.php mishandles the cancelUri parameter. This causes a reflected cross-site scripting (XSS) vulnerability: a specially crafted HTTP request can cause arbitrary JavaScript execution when a...
PT-2025-30677 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff. Description: A cross-site scripting (XSS) vulnerability exists due to the improper handling of the cancelUri parameter within the userLogin functionality. A specially crafted HTTP request...
WWBN AVideo userLogin cancelUri parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2209: WWBN AVideo userLogin cancelUri parameter cross-site scripting (XSS) vulnerability. July 24, 2025. CVE Number: CVE-2025-41420. Summary: A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and de...
CVE-2020-15612
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxftpmanager.php. When parsing the userLogin parameter, the process...
PT-2022-10327 · Tokheim · Tokheim Profleet Dialog
Name of the Vulnerable Software and Affected Versions: Tokheim Profleet DiaLOG version 11.005.02. Description: The issue is related to SQL Injection. The component affected is the Field UserLogin parameter on the logon page. Recommendations: For Tokheim Profleet DiaLOG version 11.005.02, consider...
CVE-2020-23148
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform an LDAP injection and obtain sensitive information via a crafted POST request...
rConfig injection vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig that stems from the unfiltered userLogin parameter in ldap/login.php in version 3.9.5 of rConfig. An attacker can use this vulnerability to perform LDAP injection and obtain sensitive...
CentOS Web Panel Code Execution Vulnerability
CentOS Web Panel (CWP) is a free web hosting control panel that makes it easy to manage multiple servers (Dedicated and VPS) without having to access the servers via SSH. A code execution vulnerability in the CentOS Web Panel cwp-e version 17.0.9.8.923, which stems from the ajaxftpmanager.php file no...