CVE-2023-27135
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
Source: CVE-2023-27135
[월:] 2023년 03월
CVE-2023-27078
CVE-2023-27078
A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.
Source: CVE-2023-27078
CVE-2022-47589
CVE-2022-47589
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.
Source: CVE-2022-47589
CVE-2022-28491
CVE-2022-28491
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Source: CVE-2022-28491
CVE-2022-28493
CVE-2022-28493
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,
Source: CVE-2022-28493
CVE-2023-22702
CVE-2023-22702
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions.
Source: CVE-2023-22702
CVE-2023-23728
CVE-2023-23728
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions.
Source: CVE-2023-23728
CVE-2023-23722
CVE-2023-23722
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions.
Source: CVE-2023-23722
CVE-2023-22715
CVE-2023-22715
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester ‘GaMerZ’ Chan WP-CommentNavi plugin <= 1.12.1 versions.
Source: CVE-2023-22715
CVE-2023-22716
CVE-2023-22716
Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.
Source: CVE-2023-22716