Issue 278 | LigeroSmart up to 6.1.24 Environment Variable REQUEST_URI cross site scripting

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability has been found in LigeroSmart up to 6.1.24 and classified as problematic. This affects an unknown part of the component Environment Variable Handler. Performing manipulation of the argument REQUEST_URI results in cross site scripting.

The attack may be initiated remotely. In addition, an exploit is available.

The affected component should be upgraded.

Issue 278 | LigeroSmart up to 6.1.24 Environment Variable REQUEST_URI cross site scripting

Post correlati

CVE-2024-8880 | playSMS 1.4.4/1.4.5/1.4.6/1.4.7 Template index.php username/email/captcha code injection

CVE-2024-20353 | Cisco ASA/Firepower Threat Defense Web Server infinite loop (cisco-sa-asaftd-websrvs-dos-X8gNucD2)

CVE-2025-0764 | tomdever wpForo Forum Plugin up to 2.4.1 on WordPress update information disclosure

CVE-2024-28891 | Delta Electronics DIAEnergie up to 1.10.00.4 Handler_CFG.ashx sql injection (icsa-24-074-12)