D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is...
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the...
Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element. Date published : 2019-05-13 https://github.com/hkglue/simditor_demo.git https://github.com/hkglue/simditor_dom_xss/blob/master/README.md
On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to...
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in...
The Kieran O’Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI. Date published...
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure...
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present...
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. Date published : 2019-05-13 https://github.com/security-provensec/CVE-2018-16639
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. Date published : 2019-05-13 https://github.com/security-provensec/CVE-2018-16626
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. Date published : 2019-05-13 https://github.com/security-provensec/CVE-2018-16625
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. Date published : 2019-05-13 https://github.com/security-breachlock/CVE-2018-16624/blob/master/CVE-2018-16624.pdf
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. Date published : 2019-05-13 https://github.com/security-breachlock/CVE-2018-16623/blob/master/CVE-2018-16623.pdf
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/. Date published : 2019-05-13 https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html