10 matches found
CVE-2025-8047
The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparently abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert...
U.S. Dept Of Defense: Cross-Site Scripting via 'autoPlay' parameter
A Cross-Site Scripting (XSS) vulnerability was discovered on a website through the 'autoPlay' parameter in the GET method. Exploitation of this vulnerability allowed the injection of malicious scripts that could be executed. A proof-of-concept was provided demonstrating an alert pop-up...
Microweber 2.0.15 Cross Site Scripting
Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting XSS Date: 16.07.2024 Exploit Author: Prerak Mittal Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15 Version: =v2.0.15 Tested on: Ubuntu 22.04 CVE : CVE-2024-401...
Reflect Cross Site Scripting when search
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept 1. Go to your web phpmyfaq and visit http:///phpmyfaq/index.php?search= 2. inject payload to param search: 1af"+onclick='alert...
Cross-site Scripting (XSS) - Stored
Description I found a Stored XSS vulnerability at admin page: https://demo.microweber.org/demo/admin/view:settingsoptiongroup=files Proof of Concept Step 1: Go to Settings Website settings Files Step 2: Create new folder with folder name : // Request --------------------------------------- POST...
U.S. Dept Of Defense: [www.███] Reflected Cross-Site Scripting
Description: Good morning, there's a reflected cross-site scripting vulnerability on https://www.██████████/█████ There was some difficulty in making a payload for this vulnerability, mainly due to the WAF blocking some vectors; but exploitation is still possible. Here's a proof of concept showing...
Curfew e-Pass Management System 1.0 Cross Site Scripting
Exploit Title: Curfew e-Pass Management System 1.0 - Stored XSS Date: 2/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 Log into the...
Codoforum 4.8.3 - Persistent Cross-Site Scripting
Codoforum 4.8.3 - Persistent Cross-Site Scripting Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-03 Exploit Author: Prasanth c41m, Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link:...
wholesale.reneesgarden.com XSS vulnerability
Open Bug Bounty ID: OBB-645733
Description| Value
---|---
Affected Website:| wholesale.reneesgarden.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Alibaba Clone Script 1.0.2 Cross Site Scripting
Exploit Title: Alibaba Clone Script 1.0.2 - Stored XSS Date: 09.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/alibaba-clone/ Category: Web Application Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Version...