g-rubert

5 exploits Active since Apr 2020
CVE-2020-9461 NOMISEC MEDIUM WRITEUP
Octech Oempro < 4.11 - XSS
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.
2 stars
CVSS 5.4
CVE-2020-9460 NOMISEC MEDIUM WRITEUP
Octech Oempro < 4.11 - XSS
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.
1 stars
CVSS 5.4
CVE-2021-46108 NOMISEC MEDIUM WRITEUP
D-Link DSL-2730E CT-20131125 - XSS
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.
CVSS 5.4
CVE-2020-12696 NOMISEC MEDIUM WRITEUP
WordPress <4.5 - XSS
The iframe plugin before 4.5 for WordPress does not sanitize a URL.
CVSS 6.1
CVE-2020-14965 NOMISEC MEDIUM WRITEUP
TP-Link TL-WR740N/ND v4 - XSS
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.
CVSS 4.8