Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers t
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header
A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store cred
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
specify MIME types. When an attacker performs a content sniffing attack,
malicious scri
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation all
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses with
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response i
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, al
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.
n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary f
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that
A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.5
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cr
Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, po
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, po
A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argu
A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argu
Page 1+ Next →