CVE-2019-10646

Wolf CMS v0.8.3.1 is affected by cross site scripting XSS in the module Add Snippet /?/admin/snippet/add. This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...

Cross site scripting

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVE-2018-13309

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...

CVE-2018-16474

CVE-2018-16474 concerns the Node.js module tianma-static . Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...

Cross site scripting

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting XSS attacks. In this form of attack,...

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

CVE-2018-1000086

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

Cross site scripting

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

Ubuntu 12.04 LTS : kde-runtime vulnerability (USN-2414-1)

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

Claroline 1.10 Persistent XSS Vulnerability

No description provided by source. ------------------------------------------------------------------------ Software................Claroline 1.10 Vulnerability...........Persistent Cross-site Scripting Threat Level............Moderate 2/5 Download................http://www.claroline.net/...

e107 1.0.1 - CSRF Resulting in Arbitrary Javascript Execution

No description provided by source. Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities

Exploit Title: WordPress Simply Poll Plugin 1.4.1 CSRF and stored XSS Google Dork: inurl:"/wp-content/plugins/simply-poll Date: 16.03.2013 Exploit Author: m3tamantra Vendor Homepage: http://wordpress.org/extend/plugins/simply-poll/ Software Link:...

e107 v1.0.1 CSRF Resulting in Arbitrary Javascript Execution

Exploit for php platform in category web applications Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

Time And Expense Management System Cross Site Scripting

------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://sourceforge.net/projects/tems/ Discovery...

OpenCollab 1.4.3 Cross Site Scripting

------------------------------------------------------------------------ Software................OpenCollab 1.4.3 Vulnerability...........Persistent Cross-site Scripting Threat Level............Moderate 2/5 Download................http://www.opencollab.de/ Vendor Contact Date.....3/10/2011...

Dokeos 1.8.6.2 Cross Site Scripting

------------------------------------------------------------------------ Software................Dokeos 1.8.6.2 Vulnerability...........Reflected Cross-site Scripting Download................http://www.dokeos.com/ Release Date............2/12/2011 Tested On...............Windows Vista + XAMPP...

Rumba CMS 2.4 Cross Site Scripting

================================== Vulnerability ID: HTB22591 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinrumbacms.html Product: Rumba CMS Vendor: Rumba Netware Ltd. http://rumbacms.com Vulnerable Version: 2.4 and Probably Prior Versions Vendor Notification: 18 August 2010...

NewsOffice 2.0.18 Cross Site Scripting

------------------------------------------------------------------------ Software................NewsOffice 2.0.18 Vulnerability...........Reflected XSS Download................http://newsoffice.newanz.com/ Release Date............7/5/2010 Tested On...............Windows Vista + XAMPP...

Fedora 12 : python-paste-1.7.4-1.fc12 (2010-10383)

1.7.4 The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notably WSGI application using this is paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone ...

Ubuntu Update for firefox vulnerabilities USN-535-1

Ubuntu Update for Linux kernel vulnerabilities USN-535-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5351.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-535-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...