Vulnerabilities (CVE)

Filtered by CWE-233
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-9329 1 Eclipse 1 Glassfish 2024-10-07 N/A 6.1 MEDIUM
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CVE-2024-24525 2024-08-29 N/A 9.8 CRITICAL
An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.
CVE-2023-40819 1 Devlop.systems 1 Id4portais 2024-08-12 N/A 6.1 MEDIUM
ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability.
CVE-2024-33433 2024-08-01 N/A 4.8 MEDIUM
Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.
CVE-2024-31808 2024-08-01 N/A 8.8 HIGH
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
CVE-2024-20306 2024-03-27 N/A 6.0 MEDIUM
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.