
CVSS: 8.6 • EPSS: % • CPEs: 1 • EXPL: 0

02 Jun 2025 — Remote authenticated attackers can gain arbitrary code execution with elevated privileges. • https://www.onekey.com/resource/security-advisory-remote-command-execution-on-netcomm-ntc-6200-and-nwl-222 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 5.1 • EPSS: % • CPEs: 3 • EXPL: 1

02 Jun 2025 — A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_avatar_xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 • EPSS: % • CPEs: 2 • EXPL: 1

01 Jun 2025 — A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Stolichnayer/mist-ce-open-redirect • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 • EPSS: % • CPEs: 2 • EXPL: 1

01 Jun 2025 — A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. • https://github.com/Stolichnayer/mist-ce-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.8 • EPSS: % • CPEs: - • EXPL: 1

01 Jun 2025 — A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20Stored%20XSS%20in%20User%20Registration%20via%20fullname%20Parameter%20Leading%20to%20Admin%20Account%20Takeover.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 • EPSS: % • CPEs: - • EXPL: 1

01 Jun 2025 — A vulnerability, which was classified as problematic, has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This issue affects some unknown processing of the file /post.php. The manipulation of the argument comment_author/comment_email/comment_content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20post.php%20Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Comment%20Functionality%20Leading%20to%20Admin%20and%20User%20Account%20Takeover.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

31 May 2025 — A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/wanglongcn/yifang/issues/IC41YQ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 May 2025 — A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.310671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 May 2025 — A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file historic1.asp. The manipulation of the argument Zoom leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.310670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2025 — Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. • https://github.com/freescout-help-desk/freescout/commit/fb33d672a2d67f5a2b3cf69c80945267f17908b2 • CWE-94: Improper Control of Generation of Code ('Code Injection')