CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-2781 – HotExBilling Manager 73 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-2781
Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. Vulnerabilidad de XSS en cgi-bin/hotspotlogin.cgi en Hotspot Express hotEx Billing Manager 73 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro reply. HotExBilling Manager version 73 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Apr/18 http://www.securityfocus.com/archive/1/535186/100/0/threaded http://www.securityfocus.com/bid/73941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6887
https://notcve.org/view.php?id=CVE-2014-6887
The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android EXPRESS (también conocido como com.gpshopper.express.android) 2.5.3 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/898329 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-2168
https://notcve.org/view.php?id=CVE-2006-2168
FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. • http://securityreason.com/securityalert/835 http://www.securityfocus.com/archive/1/432728/100/0/threaded http://www.securityfocus.com/bid/17786 https://exchange.xforce.ibmcloud.com/vulnerabilities/26225 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2005-4292
https://notcve.org/view.php?id=CVE-2005-4292
Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature. • http://pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html http://secunia.com/advisories/17932 http://www.osvdb.org/21717 http://www.securityfocus.com/bid/15888 http://www.vupen.com/english/advisories/2005/2920 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2004-2210
https://notcve.org/view.php?id=CVE-2004-2210
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp. • http://www.maxpatrol.com/advdetails.asp?id=12 http://www.maxpatrol.com/mp_advisory.asp http://www.securityfocus.com/bid/11426 •