CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

CVE-2021-3441
Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

PHP Timeclock 1.04 'Multiple' Cross Site Scripting (XSS)

In March 2021, Tyler Butler discovered ‘Multiple’ Cross Site Scripting (XSS) vulnerabilities in PHP Timeclock 1.04. The PoC developed was submitted to the exploit-db database in entry 49853.

Connect on Twitter

Tweets by Obsrva_