CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw
This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection,
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP res
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface v
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists
A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the f
This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vuln
A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component
A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interfa
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulati
A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return li
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg – SiteOrigin Simple Proxy simple-proxy allows Reflected XSS.This issue affects Simple Proxy:
A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supp
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performin
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in t
HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-base
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-supplie
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name paramete
Page 1+ Next →