In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated. More information : https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated. More information : https://github.com/pfsense/FreeBSD-ports/commit/04d1328ab077830eb57a24bb7018c812b6358c64
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code...
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. More...
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows...
CWE-1242: Inclusion of Undocumented Features More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-1392: Use of Default Credentials More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-798 Use of Hard-coded Credentials More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
Multiple CWE-78 More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
Use of Default Cryptographic Key (CWE-1394) More information : https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0