Hot Security Vulnerabilities

CVE-2024-29796

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through...

CVE-2018-6878

Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description...

CVE-2022-1765

The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing...

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may.....

CVE-2018-14730

An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/.....

CVE-2018-6903

PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation...

CVE-2018-7650

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript...

CVE-2017-17612

Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid...

CVE-2014-4588

Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid...

CVE-2013-5220

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST...

CVE-2013-5218

Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in...

CVE-2013-5219

Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for...

CVE-2013-5037

The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP...

CVE-2013-5038

The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated...

CVE-2013-5039

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity...

CVE-2006-2730

PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite...

CVE-2005-4364

Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords...