CVE-2024-33433

MEDIUM Year: 2024
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-233
View all →

Vulnerability Description

Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.

Related Vulnerabilities

CVE-2023-28898

MEDIUM
CVSS:5.3(Medium)

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the...

CWE-2332023

CVE-2024-25979

MEDIUM
CVSS:5.3(Medium)

The URL parameters accepted by forum search were not limited to the allowed parameters.

CWE-2332024

CVE-2023-1419

MEDIUM
CVSS:5.9(Medium)

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a...

CWE-2332023

CVE-2024-20306

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host...

CWE-2332024

CVE-2024-9329

MEDIUM
CVSS:6.1(Medium)

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying...

CWE-2332024

CVE-2020-10069

MEDIUM
CVSS:6.5(Medium)

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.c...

CWE-2332020