Yifang CMS Security Vulnerability
Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from cross-site scripting caused by improper handling of the Default Value parameter...
CVE-2024-44845
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filterstring function...
CVE-2022-43165
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=globalvars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...
CVE-2021-39412
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, the (2) value parameter in examplessupport/editableajax.php, and the (3) PHPSELF...
CVE-2019-14343
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabularioid=list URI...
Jiuhua MayiCMS Injection Vulnerability
Jiuhua MayiCMS is a categorized information system from Jiuhua Corporation in China. An injection vulnerability exists in Jiuhua MayiCMS 5.8E and earlier versions, which originates from SQL injection due to incorrect manipulation of the parameter Value in file/javascript.php...
PT-2025-16116 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to, and including, 3.1.1 Description: The vulnerability allows unauthenticated attackers to inject a PHP Object via deserialization of...
A vulnerability in the set_sys_init() function of the login.cgi script in the Wavlink AC3000 (WL-WN533A8) router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setsysinit function of the login.cgi script in the Wavlink AC3000 (WL-WN533A8) router firmware is related to the lack of measures to sanitize data at the control level when processing the restartminvalue parameter. Exploiting this vulnerability allows a remote...
PT-2024-39585 · WordPress · Dpd Baltic Shipping
Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping plugin for WordPress versions up to, and including, 1.2.83 Description: The issue is related to Reflected Cross-Site Scripting via the search value parameter due to insufficient input sanitization and output escaping. This...
PT-2024-39616
Name of the Vulnerable Software and Affected Versions: OFCMS version 1.1.2 Description: A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...
DrayTek Vigor3900 Security Vulnerability
DrayTek Vigor3900 is a high-performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor3900 v1.5.1.6, which originates from an authenticated command injection vulnerability via the value parameter in the filterstring function...
CVE-2024-6353
The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'searchvalue' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
Online Book System SQL Injection Vulnerability
Online Book System is an online booking system. A SQL injection vulnerability exists in code-projects Online Book System version 1.0, which originates from a SQL injection vulnerability in the value parameter of the /Product.php file...
Online Book System Cross-Site Scripting Vulnerability
Online Book System is an online booking system. A cross-site scripting vulnerability exists in code-projects Online Book System version 1.0, which stems from a cross-site scripting vulnerability in the value parameter of the /Product.php file...
jose2go Security Vulnerability
jose2go is a Golang implementation of the JavaScript Object Signing and Encryption specification for individual developers at DV. A security vulnerability exists in jose2go versions prior to 1.6.0, which originated from a vulnerability that allows an attacker to cause a denial of service via a...
CVE-2023-51126
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the...
Teledyne FLIR AX8 Command Injection Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. The Teledyne FLIR AX8 suffers from a command injection vulnerability that stems from an arbitrary command execution vulnerability in the value parameter of the /usr/www/res.php page...
PT-2024-14053 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 versions up to 1.46.16 Description: A command injection issue exists in the /usr/www/res.php file, allowing attackers to execute arbitrary commands by manipulating the value parameter. Recommendations: For FLIR AX8 versions up to...
CVE-2023-43705
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translationvalue1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...