330 matches found
CVE-2020-19202
An authenticated stored cross-site scripting (XSS) vulnerability exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...
Secomea GateManager Cross-Site Scripting Vulnerability
GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. The vulnerability stems from improper input validation. An attacker can exploit the vulnerability to execute arbitrary JavaScript code...
Secomea GateManager Cross-Site Scripting Vulnerability (CNVD-2021-15490)
GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. An attacker can exploit this vulnerability to inject arbitrary JavaScript code...
CVE-2020-29030
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2020-29028
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2020-29029
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...
Cross site scripting
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...
Cross site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2020-29030
CVE-2020-29030 is a CSRF vulnerability in the web GUI of Secomea GateManager, affecting all versions prior to 9.4. The connected records confirm a Cross-Site Request Forgery condition that lets an attacker cause the gateway to execute malicious code via the GateManager web interface. The core aff...
CVE-2020-29028 Reflected XSS issues
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2020-29029 XSS issue due to insufficient sanitization of input field
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2020-29029
Summary of CVE-2020-29029: The vulnerability is an XSS/backdoor-like risk in the Web GUI of Secomea GateManager caused by improper input validation. Affects Secomea GateManager versions before 9.4. Impact stated across sources as arbitrary JavaScript execution in the user’s browser without authe...
Kazi Mehedi docker-web-gui OS Command Injection Vulnerability
Kazi Mehedi docker-web-gui is an open source application from Kazi Mehedi. It provides a simple GUI interface for Docker containers. rakibtg Docker Dashboard suffers from an operating system command injection vulnerability that allows commands to be injected into the backend tool terminal.js via shel...
CVE-2021-26724 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian version 20.0.7.3 and prior versions. Nozomi...
CVE-2021-26725
Summary of CVE-2021-26725 (Nozomi Networks Guardian/CMC): A path traversal vulnerability exists in the web GUI timezone setting that, when accessed by an authenticated administrator, can read protected system files. Affected: Nozomi Networks Guardian and CMC up to version 20.0.7.3. Root cause det...
CVE-2020-14563
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Cisco Content Security Management Appliance Input Validation Error Vulnerability
Cisco Content Security Management Appliance (SMA) is a content security management appliance from Cisco. The appliance is mainly used to manage all policies, reports, audit information, etc. for e-mail and Web security devices. An input validation error vulnerability exists in the...
AssassinGo
This is an extensible and concurrent pentest framework in Go, also with a WebGUI. It is an offensive tool for Network Scanning, Vulnerability Scanning, and Information Gathering. The primary CVE ID is not specified in the provided context. The target product/service is not explicitly stated, but...
CVE-2014-4981
LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters...