186 matches found
Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the "Alt text" setting of the plugin, then view...
Writing great alt text: Emotion matters
If you prefer videos to articles, there's an episode of HTTP 203 on this topic. Ok, on with the article… Good alt text means that screen reader users get the same 'meaning' from the page as a fully sighted user. But sometimes that's easier said than done. I recently got stuck trying to figure out...
Description of the Microsoft Office for Mac 2011 14.1 Update
This article describes the Service Pack 1 14.1 updates for Office for Mac 2011.IntroductionMicrosoft has released security bulletins MS11-021 and MS11-022. These security bulletins contain all the relevant information about the security updates for Microsoft Office for Mac 2011 for Mac. To view t...
WordPress Imagely NextGEN Gallery Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Imagely NextGen Gallery is one of the gallery management systems. A cross-site scripting vulnerability exists in Image Alt &...
CVE-2018-1000172
Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting XSS vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45...
Concrete CMS: Stored XSS in Image Alt. Text
XSS payload can be executed and saved permanently in Image Alt. Text. Poc Code: "click me!"...