PT-2025-40379

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description A cross-site scripting XSS issue exists that allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL. The vulnerability is reflected in the...

Saho ADM100和ADM-100FP 访问控制错误漏洞

Saho ADM100 and Saho ADM-100FP are both full-featured security appliances from China's Saho Corporation. An access control error vulnerability exists in the Saho ADM100 and ADM-100FP, which stems from the lack of authentication for critical functions, and can be exploited by remote attackers to...

Monstra CMS Insecure Direct Object Reference Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. An insecure direct object reference vulnerability exists in Monstra CMS version 3.0.4, which can be exploited...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2018-12400)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox versions prior to 59, where the program fails to properly validate user-submitted input. The vulnerability can be exploited by a...

GPON Home Routers Security Bypass Vulnerability

Dasan GPON is a home router product from Dasan Korea. A security vulnerability exists in the Dasan GPON home router. An attacker can exploit the vulnerability to bypass authentication by adding '?images' to any URL of the device...