
3290 matches found

The Hacker News
added 2012/03/12 8:38 a.m., 7 views

XSS Vulnerability discovered on Paypal

Vansh and Vaibhuv, two Indian hackers, found an XSS vulnerability in the world-famous site Paypal. Paypal is affected by an XSS vulnerability where it fails to validate input. One can add arbitrary JavaScript with no need for any filter evasion. This is a serious...

AI score: 5.9
Exploits: 0
Packet Storm
added 2012/02/03 12:0 a.m., 19 views

Project Open Cross Site Scripting

Vulnerability Title: Project Open po - "account-closed.tcl" Reflective Cross Site Scripting Author: Michail Poultsakis Date of Vendor and CERT Contact: 2011.12.08 Publication Date: 2012.02.02 Product Link: http://www.project-open.com Affected Product Version: 3.4.x Project Open po version 3.4.x...

AI score: 0.1
Exploits: 0
Prion
added 2011/10/14 10:55 a.m., 20 views

Directory traversal

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

CVSS: 6.8, AI score: 7.2, EPSS: 0.02081
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2011/10/14 10:0 a.m., 32 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

AI score: 6.6, EPSS: 0.02081
Exploits: 2, References: 4
Packet Storm
added 2011/08/22 12:0 a.m., 21 views

DragDropCart Cross Site Scripting

Exploit Title: DragDropCart E-Commerce System Stored XSS Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: search.php yaxaluser.php Example: search.php?search= Exploit: "/...

AI score: 7.4
Exploits: 0
Prion
added 2011/08/18 6:55 p.m., 22 views

Code injection

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

CVSS: 10, AI score: 7.8, EPSS: 0.03558
Exploits: 1, References: 10, Affected Software: 3
Prion
added 2011/08/12 6:55 p.m., 21 views

Cross site scripting

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted...

CVSS: 4.3, AI score: 6.9, EPSS: 0.04611
Exploits: 3, References: 15, Affected Software: 1
Cvelist
added 2011/08/12 6:0 p.m., 34 views

CVE-2011-2357

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted...

AI score: 6.4, EPSS: 0.04611
Exploits: 3, References: 15
CVE
added 2011/08/12 6:0 p.m., 56 views

CVE-2011-2357

CVE-2011-2357 describes a cross-application scripting flaw in Android’s Browser URL loading, enabling a non-privileged app to inject JavaScript into arbitrary domains and break sandboxing. The vulnerability has two exploitation vectors: (1) exhausting MAX_TABS and loading a target URL followed by...

CVSS: 4.3, AI score: 6.4, EPSS: 0.04611
Exploits: 3, References: 15, Affected Software: 1
securityvulns
added 2011/07/18 12:0 a.m., 62 views

[oCERT-2011-001] Chyrp input sanitization errors

2011-001 Chyrp input sanitization errors. Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...

AI score: 0.5
Exploits: 0
Packet Storm
added 2011/06/06 12:0 a.m., 22 views

Nakid CMS 1.0.2 Cross Site Scripting

Software: Nakid CMS 1.0.2 | Vulnerability: Reflected Cross-site Scripting | Threat Level: Low 1/5 | Download: http://www.nakid.org/ | Discovery Date: 6/1/2011 | Tested...

AI score: 7.4
Exploits: 0
Packet Storm
added 2011/05/30 12:0 a.m., 55 views

Apache Archiva 1.3.4 Cross Site Scripting

Hi, This is regarding multiple XSS (Cross Site Scripting) Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document. Project: Apache Archiva | Severity: High | Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...

CVSS: 6.8, AI score: 6.4, EPSS: 0.06949
Exploits: 6
Packet Storm
added 2011/05/25 12:0 a.m., 21 views

phpScheduleIt 1.2.12 Cross Site Scripting

Vulnerability ID: HTB22987 | Reference: http://www.htbridge.ch/advisory/multiplexssinphpscheduleit.html | Product: phpScheduleIt | Vendor: php.brickhost.com | Vulnerable Version: 1.2.12 | Vendor Notification: 05 May 2011 | Vulnerability Type: XSS (Cross Site Scripting) | Risk level: Medium | Credit: High-Tech Brid...

AI score: 7
Exploits: 0
Packet Storm
added 2011/05/16 12:0 a.m., 32 views

HTML2PDF 4.02 Cross Site Scripting

--Description-- A reflected cross-site scripting vulnerability in HTML2PDF v4.02 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" /...

AI score: 7.4
Exploits: 0
Packet Storm
added 2011/05/16 12:0 a.m., 18 views

eFront 3.6.9 Build 10653 Cross Site Scripting

Software: eFront 3.6.9 build 10653 | Vulnerability: Reflected Cross-site Scripting | Threat Level: Low 1/5 | Download: http://www.efrontlearning.net/ | Discovery Date: 5/12/2011...

AI score: 7.4
Exploits: 0
Packet Storm
added 2011/05/09 12:0 a.m., 16 views

Gelsheet 1.02 Cross Site Scripting

Software: Gelsheet 1.02 | Vulnerability: Reflected Cross-site Scripting | Threat Level: Low 1/5 | Download: http://www.gelsheet.org/ | Discovery Date: 5/5/2011 | Tested...

AI score: 0.1
Exploits: 0
Packet Storm
added 2011/05/09 12:0 a.m., 21 views

ECoder 0.4.10 Cross Site Scripting

Software: ECoder 0.4.10 | Vulnerability: Reflected Cross-site Scripting | Threat Level: Low 1/5 | Download: http://ecoder.quintalinda.com/ | Discovery Date: 5/5/2011 | Tested...

Exploits: 0
myhack58
added 2011/05/05 12:0 a.m., 14 views

Classmates XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability description: Classmates 1.1.1 has design flaws leading to an XSS cross-site vulnerability; a user can execute arbitrary JavaScript code in the vulnerable application. The vulnerability exists because the "/themes/default/header.inc.php" script does not properly sanitize user-supplied input t...

AI score: 0.6
Exploits: 0
Packet Storm
added 2011/05/04 12:0 a.m., 25 views

SelectaPix Image Gallery 1.4.1 Cross Site Scripting

Vulnerability ID: HTB22964 | Reference: http://www.htbridge.ch/advisory/xssinselectapiximagegallery.html | Product: SelectaPix Image Gallery | Vendor: http://www.outofthetrees.co.uk/ | Vulnerable Version: 1.4.1 | Vendor Notification: 19 April 2011 | Vulnerability Type: XSS Cro...

AI score: 0.3
Exploits: 0
Packet Storm
added 2011/05/03 12:0 a.m., 15 views

LDAP Account Manager 3.4.0 Cross Site Scripting

Software: LDAP Account Manager 3.4.0 | Vulnerability: Reflected Cross-site Scripting | Threat Level: Low 1/5 | Download: http://www.ldap-account-manager.org/ | Discovery...

AI score: 0.2
Exploits: 0