http://open-source-security-software.net/project/rtir/cves.atom 2024-05-19T02:56:07.777461+00:00 python-feedgen CVE-2017-16819 2017-11-17T12:29:00.290000+00:00 A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. 2017-11-17T12:29:00.290000+00:00 CVE-2018-5720 2018-01-29T00:29:00.340000+00:00 An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc. 2018-01-29T00:29:00.340000+00:00