π¨ CVE-2021-27715
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
π@cveNotify
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
π@cveNotify
Nagarro
MoFi CVE-2021-27715 Security Advisory| Cyber Security | Nagarro
An issue discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP requests.
π¨ CVE-2023-39637
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
π@cveNotify
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
π@cveNotify
π¨ CVE-2023-41013
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
π@cveNotify
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
π@cveNotify
Medium
CVE-2023β41013
Introduction
π¨ CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
π@cveNotify
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40984 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
π@cveNotify
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40985 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40986 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40982 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
π@cveNotify
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
π@cveNotify
GitHub
Webmin-2.100/CVE-2023-40983 at main Β· Vi39/Webmin-2.100
Webmin is a web-based server management control panel for Unix-like systems - Vi39/Webmin-2.100
π¨ CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
π@cveNotify
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
π@cveNotify
π¨ CVE-2023-39039
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39040
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39043
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39058
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39046
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39049
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-39056
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
π@cveNotify
π¨ CVE-2023-42399
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
π@cveNotify
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
π@cveNotify
GitHub
CVE-2023-42399 Β· Issue #1017 Β· xdan/jodit
CVE IDοΌ CVE-2023-42399 PRODUCTοΌ JoditEditor < v.4.0.0-beta.86 DETAILSοΌ Jodit Editor v.4.0.0 beta.86 has an XSS vulnerability where the rich text editor does not completely filter out malicious X...
π¨ CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
π@cveNotify
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
π@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
π¨ CVE-2023-40932
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
π@cveNotify
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
π@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
π¨ CVE-2023-40933
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
π@cveNotify
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
π@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
π¨ CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
π@cveNotify
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
π@cveNotify
Magellan SΓ©curitΓ©
Magellan SΓ©curitΓ©, integrating protection solutions
Magellan SΓ©curitΓ© implements operational security solutions to help you face current and future threats. Find out more ...