34 matches found
Cross site scripting
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function...
Stored XSS Bypass While add a new Comment
Description Stored XSS bypass in add comments function if you try to inject XSS payload like that won't work ,So I found a bypass that able to bypass cloudflare with the following payload or and click enter to add newline and click "add comment" func cc CommentController AddCommentctx gin.Context...
WSO2 3.1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory:...
WSO2 3.1.0 - Persistent Cross-Site Scripting
Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Date: 2020-04-13 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700 Technical Details &...
CVE-2018-5370
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI...
Customer can see Internal Comment created by Automation Action
h5. Environment - run JIRA from atlas-debug - JIRA 7.0.5 - JIRA Service Desk 3.0.5 h5. Steps to reproduce Create Service Desk project go to Administration - Automation tab click New rule - Custom rule add Trigger Issue Created add Action Add comment put some Comment text and select Internal as...
LightBlog <= 5 Add_Comment.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24741/info LightBlog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Slack: CSRF on add comment section
Hi, Steps to repro: 1 Go to this link https://sehacure.slack.com/help/requests/237956 2 The malicious guy should now the request number and the username. 3 Open Tamper data using tamper data firefox addon,Fill the reply in the form. 4 Submit the request.You will see there are no anti-csrf token i...
Lore 1.5.6 (article.php) Blind SQL Injection Exploit
No description provided by source. ? / CURL HABILITADO Blind Sql Injections Script Version : Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias...
webalbum-xss.txt
================================================================ WEBAlbum XSS Vulnerabilities POST Variable: id POST Variable: category Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, Win7dos, JabAv0C...
XSS vulnerabilities in create/edit/copy page and blogpost actions
The following create/edit page URL's are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString, mode, labelsString, captchaId The following create/edit blogpost URL's are vulnerable: -...
LightBlog <= 5 Add_Comment.PHP Cross-Site Scripting Vulnerability
LightBlog 5 AddComment.PHP Cross-Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/24741/info LightBlog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may...
Wheatblog [multiple xss (post) & full path disclosure]
vendor site: http://wheatblog.sourceforge.net/ product : Wheatblog bug: multiple xss post & full path disclosure risk : medium xss post : /addcomment.php vulnerable fieds : - Name - WWW - Comment impact: an attacker can steal the cookie from every persons who is watching at the comments. full pat...
CVE-2006-0409
Cross-site scripting XSS vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup...