
7705 matches found

OSV
added 2022/03/21 7:15 p.m. · 1 views

CVE-2022-0229

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...

8.1 CVSS · 7.4 AI score
Exploits 0 · References 1

GithubExploit
added 2022/03/12 11:31 a.m. · 382 views

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 my personal poc and exploit of CVE-2022-0847di...

7.8 CVSS · 7.5 AI score · 0.89063 EPSS
Exploits 100

Veracode
added 2022/03/10 4:49 a.m. · 20 views

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists in saveCommentEdit function of AdminCommentController.php because this allows HTML tags in the blog comments which allows a malicious attacker to inject and execute html payloads...

8.8 CVSS · 1.5 AI score · 0.01388 EPSS
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2022/03/09 12:0 a.m. · 5 views

Microweber Code Injection Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber before 1.3, which stems from t...

8.8 CVSS · 5.5 AI score · 0.01388 EPSS
Exploits 1 · References 3

OSV
added 2022/03/07 9:15 a.m. · 3 views

CVE-2022-0440

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow high-privilege admins to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog, i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS...

7.2 CVSS · 7.1 AI score · 0.0142 EPSS
Exploits 2 · References 1

CISA
added 2022/03/07 12:0 a.m. · 9 views

CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment

CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close...

6.7 AI score
Exploits 0 · References 4

Huntr
added 2022/03/06 3:50 p.m. · 46 views

Improper Neutralization of Special Elements Used in a Template Engine

Description: The Microweber application allows HTML tags in the "Blog Comments", which can be exploited by injecting HTML payloads. Proof of Concept: 1. Open any blog in which comment is allowed. 2. Insert your HTML code in code block, e.g., Hurry Up!Go to https://evil.com and get free $1000 in your...

6.8 CVSS · 0.2 AI score · 0.04998 EPSS
Exploits 2 · References 1

Openbugbounty
added 2022/03/05 5:18 a.m. · 11 views

blog-webhosting.de Improper Access Control vulnerability OBB-2409491

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1 AI score
Exploits 0

Schneier on Security
added 2022/03/04 10:4 p.m. · 12 views

Friday Squid Blogging: Far Side Cartoon

Squid, of course. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.8 AI score
Exploits 0

OSV
added 2022/03/04 12:0 a.m. · 3 views

GHSA-R39X-3QQ4-GXMR Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and...

5.4 CVSS · 5.3 AI score · 0.00565 EPSS
Exploits 0 · References 5

Github Security Blog
added 2022/03/04 12:0 a.m. · 4 views

Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and...

5.4 CVSS · 5.3 AI score · 0.00565 EPSS
Exploits 0 · References 5 · Affected Software 3

OSV
added 2022/03/03 12:15 a.m. · 3 views

CVE-2021-38267

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and...

5.4 CVSS · 6.2 AI score · 0.00565 EPSS
Exploits 0 · References 2

CNVD
added 2022/03/03 12:0 a.m. · 20 views

Htmly Cross-Site Scripting Vulnerability (CNVD-2022-73492)

Htmly is a PHP-based blogging platform. Version 2.8.1 of Htmly is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary web script HTML via a specially crafted payload in the blog post content field...

3.5 CVSS · 3.3 AI score · 0.01132 EPSS
Exploits 1 · Affected Software 1

Positive Technologies
added 2022/03/02 12:0 a.m. · 5 views

PT-2022-10707 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.3.6; Liferay DXP 7.3 before fix pack 2. Description: A cross-site scripting (XSS) issue exists in the Blogs module's edit blog entry page, allowing remote attackers to inject arbitrary web script or HTML vi...

5.4 CVSS · 5.2 AI score · 0.00565 EPSS
Exploits 0 · References 11

ATTACKERKB
added 2022/03/01 2:15 a.m. · 4 views

CVE-2022-25022

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts HTML via a crafted payload in the content field of a blog post...

5.4 CVSS · 5.8 AI score · 0.01132 EPSS
Exploits 1 · References 6

ATTACKERKB
added 2022/03/01 2:15 a.m. · 5 views

CVE-2022-25020

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...

5.4 CVSS · 5.9 AI score · 0.01192 EPSS
Exploits 1 · References 5

OSV
added 2022/03/01 2:15 a.m. · 13 views

CVE-2022-25020

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...

5.4 CVSS · 5.6 AI score · 0.01192 EPSS
Exploits 2 · References 4

Prion
added 2022/03/01 2:15 a.m. · 17 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...

3.5 CVSS · 5.3 AI score · 0.01192 EPSS
Exploits 2 · References 4 · Affected Software 1

UbuntuCve
added 2022/03/01 2:15 a.m. · 25 views

CVE-2022-25020

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...

5.4 CVSS · 6.2 AI score · 0.01192 EPSS
Exploits 1 · References 5

OSV
added 2022/03/01 2:15 a.m. · 4 views

UBUNTU-CVE-2022-25020

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...

5.4 CVSS · 6.2 AI score · 0.01192 EPSS
Exploits 2 · References 6