Lucene search
+L

31 matches found

Nuclei
Nuclei
added yesterday152 views

Dreambox WebControl 2.0.0 - Cross-Site Scripting

Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. id: CVE-2017-15287 info: name: Dreambox WebControl 2.0.0 - Cross-Site Scripting author:...

6.1CVSS6.3AI score0.06147EPSS
Exploits5References4
NVD
NVD
added 2026/06/30 10:16 a.m.12 views

CVE-2026-6954

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 10:16 a.m.8 views

CVE-2026-6953

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS0.0036EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:54 a.m.7 views

CVE-2026-6954

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 8:54 a.m.7 views

EUVD-2026-40271

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:54 a.m.16 views

CVE-2026-6954

CVE-2026-6954 describes a Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. The issue enables an attacker to execute JavaScript or inject a dynamic iframe in a victim’s browser by sending a malicious URL via the ‘urlDestino’ parameter in /portal.do, potentially expos...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:54 a.m.31 views

CVE-2026-6954 Multiple vulnerabilities in Intermark IT's WebControl CMS

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS0.00366EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:53 a.m.7 views

EUVD-2026-40270

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS5.8AI score0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:53 a.m.13 views

CVE-2026-6953

CVE-2026-6953 describes an HTML injection in Intermark IT's WebControl CMS v3.5. The vulnerability allows an attacker to send HTML-containing content to a victim via the contact form by crafting a request to /processContact.do with parameters such as nombreApellidos, dirección, and comentarios. A...

5.1CVSS5.8AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:53 a.m.33 views

CVE-2026-6953 Multiple vulnerabilities in Intermark IT's WebControl CMS

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS0.0036EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:53 a.m.7 views

CVE-2026-6953

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS5.8AI score0.0036EPSS
Exploits0References2
NVD
NVD
added 2026/03/21 12:16 a.m.7 views

CVE-2026-32666

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5CVSS0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.9 views

CVE-2024-8527

Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions...

8.6CVSS6.9AI score0.00142EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2024/01/24 2:19 a.m.14 views

webcontrol.avv.com Cross Site Scripting vulnerability OBB-3842325

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2023/07/16 5:15 p.m.5 views

CVE-2023-38378

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application...

9.8CVSS6.1AI score0.01227EPSS
Exploits1References2
OSV
OSV
added 2023/07/16 5:15 p.m.5 views

CVE-2023-38379

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved...

7.5CVSS5.8AI score0.00586EPSS
Exploits1References2
NVD
NVD
added 2023/07/16 5:15 p.m.33 views

CVE-2023-38379

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved...

7.5CVSS0.00586EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/07/16 5:15 p.m.5 views

CVE-2023-38378

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application...

9.8CVSS7.8AI score0.01227EPSS
Exploits1References3
NVD
NVD
added 2023/07/16 5:15 p.m.23 views

CVE-2023-38378

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application...

9.8CVSS0.01227EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/16 12:0 a.m.28 views

CVE-2023-38378

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application...

9.9AI score0.01227EPSS
Exploits1References2
Rows per page
Query Builder