The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, remote unauthenticated attacker can gain arbitrary command execution on the device with elevated privileges.This issue affects Archer C4500X: through 1_1.1.6.

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.