A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.

**G3W-SUITE**

G3W-SUITE is the easiest way to publish QGIS projects on WebGIS services.

G3W-SUITE is a framework built with Django and VueJs,.

**Pinned**

1.  Server module for G3W-SUITE
    
    JavaScript 30 30
    
2.  Run G3W-SUITE stack with docker-compose
    
    HTML 17 25
    
3.  Map viewer addon for G3W-SUITE
    
    JavaScript 14 12
    
4.  Edit and translate G3W-SUITE end-user documentation
    
    Python 1 3
    

**Repositories**

*   Python 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    
*   Vue 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    

*   JavaScript
    
    30
    
    MPL-2.0
    
    30 32 6
    
    Updated Jul 6, 2023
    
*   JavaScript 0
    
    3 3 2
    
    Updated Jul 4, 2023
    
*   HTML
    
    17 25 16 5
    
    Updated Jun 22, 2023
    
*   Vue 0
    
    2 1 0
    
    Updated Jun 22, 2023
    
*   0 MPL-2.0 0
    
    3 0
    
    Updated Jun 13, 2023
    
*   JavaScript 0
    
    1 0 0
    
    Updated Jun 8, 2023

CVE-2023-29998: G3W-SUITE

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

CVE-2023-25201: Security Advisories - usd HeroLab

A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292.

CVE-2023-3540

A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.

CVE-2023-3539

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-37149: Vulnerability_info/TOTOLINK/lr350/4/README.md at main · DaDong-G/Vulnerability_info

A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability.

CVE-2023-3537

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.

CVE-2023-3538

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

CVE-2023-37146: Vulnerability_info/TOTOLINK/lr350/2 at main · DaDong-G/Vulnerability_info

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

CVE-2023-37145: Vulnerability_info/TOTOLINK/lr350/1/Readme.md at main · DaDong-G/Vulnerability_info

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.

Source

CVE