12 matches found

RedhatCVE
added 2025/05/23 6:24 a.m. | 6 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00825
Exploits: 1 | References: 1
NVD
added 2024/07/16 8:15 p.m. | 10 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

CVSS 9.8 | EPSS 0.00255
Exploits: 1 | References: 1
CVE
added 2024/07/16 12:0 a.m. | 43 views

CVE-2024-40456

ThinkSAAS v3.7.0 contains an SQL injection vulnerability exploitable via the name parameter in /system/action/update.php. Root cause described in connected sources as insufficient validation of external input in that endpoint. CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no pri...

CVSS 9.8 | AI score 8.5 | EPSS 0.00255
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/07/16 12:0 a.m. | 10 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

AI score 8.3 | EPSS 0.00255
Exploits: 1 | References: 1
Cvelist
added 2024/07/16 12:0 a.m. | 7 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

EPSS 0.00255
Exploits: 1 | References: 1
OSV
added 2024/04/30 6:15 p.m. | 5 views

CVE-2024-33102

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...

CVSS 5.4 | AI score 5.5
Exploits: 0 | References: 1
NVD
added 2024/04/30 6:15 p.m. | 7 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

CVSS 6.1 | AI score 5.4 | EPSS 0.00825
Exploits: 1 | References: 1
Cvelist
added 2024/04/30 12:0 a.m. | 18 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

AI score 5.5 | EPSS 0.00825
Exploits: 1 | References: 1
OSV
added 2022/02/09 1:15 p.m. | 13 views

CVE-2021-25939

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...

CVSS 2.7 | AI score 6.7 | EPSS 0.00234
Exploits: 1 | References: 3
NVD
added 2022/02/09 1:15 p.m. | 8 views

CVE-2021-25939

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...

CVSS 4 | EPSS 0.00234
Exploits: 1 | References: 3
ICS
added 2020/10/13 12:0 a.m. | 67 views

Fieldcomm Group HART-IP and hipserver

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fieldcomm Group Equipment: HARP-IP Developer kit, hipserver Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being...

CVSS 10 | AI score 10 | EPSS 0.00399
Exploits: 0 | References: 5
Packet Storm
added 2009/12/15 12:0 a.m. | 17 views

APC Switched Rack PDU Cross Site Scripting

APC Switched Rack PDU XSS Vulnerability By Jamal Pecou jpecou at gmail dot c0m. Product Info Tested Versions Model = AP7932 Hardware Revision = B2 Application Module Name = rpdu Version = v3.3.3 Tested First Version = 3.7.0 Current APC OS AOS Name = aos Version = v3.3.4 Vulnerability XSS...

AI score 7.4
Exploits: 0