Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏洞

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...

CVE-2022-50951

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infect...

VulnCheck KEV: CVE-2026-20045

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...

Eaton xComfort ECI 安全漏洞

The Eaton xComfort ECI is an Ethernet communication interface device from Eaton Corporation USA. A security vulnerability exists in the Eaton xComfort ECI that stems from improper validation of web interface endpoint inputs, which could allow an attacker with network access rights to execute...

PT-2025-52737

Name of the Vulnerable Software and Affected Versions Eaton xComfort ECI affected versions not specified Description A flaw exists in the input validation process of a web interface endpoint within Eaton xComfort ECI. This could allow an attacker with network access to the device to execute...

Cisco Enterprise Chat and Email 跨站脚本漏洞

Cisco Enterprise Chat and Email Cisco ECE is a suite of enterprise chat and email solutions from Cisco. The product provides email, chat, and web callback functionality for other Cisco solutions. A cross-site scripting vulnerability exists in Cisco Enterprise Chat and Email that stems from the we...

PT-2024-7898

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions 4.0.x prior to 4.0.8 Spring Cloud Function versions 4.1.x prior to 4.1.2 Description The issue is related to insufficient input validation in the Spring Cloud Function web module. This can be exploited by a remot...

CVE-2022-45090 SQL Injection in Smartpower Web

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...

Reprise Software Reprise License Manager 注入漏洞

Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications. An injection vulnerability exists i...

Hikvision Hybrid SAN/Cluster Storage 命令注入漏洞

Hikvision Hybrid SAN/Cluster Storage Products is a line of cost-effective and reliable hybrid SAN Storage Area Network products from Hikvision, a China-based company. A security vulnerability exists in Hikvision Hybrid SAN/Cluster Storage that stems from insufficient input validation in the web...

Aruba Instant 操作系统命令注入漏洞

Aruba Instant is a wireless network. Providing the only Wi-Fi solution that is easy to set up, Aruba Instant is vulnerable to a command injection vulnerability, which is caused by incorrect input validation in the web interface. An attacker could exploit the vulnerability to send a carefully...

Cisco Modeling Labs 参数注入漏洞

Cisco Modeling Labs is a software application from the American company Cisco Cisco. A local network simulation tool that runs on workstations and servers. Cisco Modeling Labs suffers from a parameter injection vulnerability that stems from insufficient validation of user-supplied web UI input,...

CVE-2020-3355

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability is due to insufficient inpu...

SAP NetWeaver AS ABAP Business Server Cross-Site Scripting Vulnerability

SAP NetWeaver AS ABAP Business Server is an application server for ABAP Advanced Business Application Programming from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP Business Server. The vulnerability stems from a lack of proper validation of client data by the...

NETGEAR JGS516PE Cross-Site Scripting Vulnerability

The NETGEAR JGS516PE is a switch from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR JGS516PE prior to version 2.6.0.43. The vulnerability stems from a WEB application that lacks proper validation of client data. An attacker can exploit the vulnerability to execute client-sid...

NETCORE Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-01649)

NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the WEB application, and can be exploited by an attacker to execute client code...

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-44257)

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX. The vulnerability stems from the...

The vulnerability of the Cisco Prime Infrastructure network monitoring and management system arises from insufficient validation of data entered by users through the management web interface. This allows attackers to execute arbitrary code or gain access to confidential information.

The vulnerability of the Cisco Prime Infrastructure network monitoring and management system is related to insufficient verification of data entered by users through the web management interface. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or gain access ...

DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300 Cross-Site Scripting Vulnerability

DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300 is a home wireless router from DIGISOL SYSTEMS India. A cross-site scripting vulnerability exists in the DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300. The vulnerability stems from the lack of proper validation of client data by the WEB...