
36 matches found

wpexploit
added 2021/09/21 12:00 a.m., 137 views

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. Put the following payload in any of the fields in the 'Basic Settings' section of the plugin's setting...

CVSS 4.8 | AI score 1.2 | EPSS 0.00598
Exploits: 2
OSV
added 2021/07/30 2:15 p.m., 5 views

CVE-2020-20699

A cross-site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

CVSS 4.8 | AI score 5.6 | EPSS 0.00527
Exploits: 1 | References: 1
CNNVD
added 2021/07/30 12:00 a.m., 5 views

S-CMS Cross-Site Scripting Vulnerability

S-CMS 3.0 has a cross-site scripting vulnerability, which can be exploited by attackers via the "Copyright" text box under "Basic Settings" to execute arbitrary Web scripts or HTML. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the "Copyright" text box under "Bas...

CVSS 4.8 | AI score 5.5 | EPSS 0.00527
Exploits: 1 | References: 2
CNVD
added 2021/07/28 12:00 a.m., 25 views

S-CMS Cross-Site Scripting Vulnerability (CNVD-2021-58258)

S-CMS 3.0 has a cross-site scripting vulnerability, which can be exploited by attackers via the "Copyright" text box under "Basic Settings" to execute arbitrary Web scripts or HTML. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the "Copyright" text box under "Bas...

CVSS 4.8 | AI score 3.4 | EPSS 0.00527
Exploits: 1 | References: 1
Kitploit
added 2020/03/05 8:30 p.m., 79 views

Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally, it's possible to proxy every request through Burp or another tunnel. First steps: Rename the...

AI score 7
Exploits: 0 | References: 1
OSV
added 2019/08/29 6:15 p.m., 3 views

CVE-2019-15806

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
BDU FSTEC
added 2018/06/29 12:00 a.m., 7 views

A vulnerability in the ExportSettings.sh, updateWPS, RebootSystem, and vpnBasicSettings components of the Intelbras NCLOUD 300 Wi-Fi router firmware allows an attacker to gain access to the device with administrator privileges.

The vulnerabilities of the components ExportSettings.sh /cgi-bin/ExportSettings.sh, updateWPS /goform/updateWPS, RebootSystem /goform/RebootSystem, and vpnBasicSettings /goform/vpnBasicSettings of the Intelbras NCLOUD 300 Wi-Fi router software are related to the use of pre-installed registration...

CVSS 10 | AI score 5.5 | EPSS 0.35573
Exploits: 5 | References: 4 | Affected Software: 1
OSV
added 2018/05/15 7:29 p.m., 4 views

CVE-2018-11094

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and...

CVSS 9.8 | AI score 5.8 | EPSS 0.35573
Exploits: 5 | References: 2
CNVD
added 2017/11/07 12:00 a.m., 3 views

Vonage HT802 Cross-Site Request Forgery Vulnerability

The Vonage Grandstream HT802 is a home gateway device from Vonage USA. A cross-site request forgery vulnerability exists in the Basic Settings screen on Vonage Grandstream HT802 devices. A remote attacker could exploit this vulnerability to change settings...

CVSS 8 | AI score 6.9 | EPSS 0.00437
Exploits: 1 | References: 1
Prion
added 2017/11/06 8:29 a.m., 17 views

Cross-site request forgery (CSRF)

Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...

CVSS 6 | AI score 7.9 | EPSS 0.00437
Exploits: 1 | References: 1
OSV
added 2017/09/13 8:29 a.m., 5 views

CVE-2017-13724

On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page...

CVSS 5.4 | AI score 5.8 | EPSS 0.00513
Exploits: 1 | References: 1
CVE
added 2017/09/13 8:00 a.m., 52 views

CVE-2017-13724

CVE-2017-13724 describes a stored Cross-Site Scripting vulnerability in the APN parameter on the Axesstel MU553S MU55XS devices running firmware v1.14, on the Basic Settings page. The affected component is the APN field handling in that page; the root cause is a stored XSS flaw that can persist u...

CVSS 5.4 | AI score 5.3 | EPSS 0.00513
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2017/07/31 11:29 p.m., 5 views

CVE-2017-11648

Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering...

CVSS 8.8 | AI score 5.8 | EPSS 0.00449
Exploits: 0 | References: 1
Packet Storm
added 2014/07/25 12:00 a.m., 21 views

Netgear DGN2200 Password Disclosure

Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.29_1.7.29_HotS 2. Vulnerability Description: ===============================...

AI score 0.5
Exploits: 0
0day.today
added 2014/07/24 12:00 a.m., 38 views

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

Exploit for hardware platform in category web applications Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.29_1.7.29_HotS 2...

AI score 7.1
Exploits: 0
Exploit DB
added 2014/07/23 12:00 a.m., 44 views

Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.29_1.7.29_HotS 2. Vulnerability Description: ===============================...

AI score 7.4
Exploits: 0