CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/managearticle/index/ "articletitle" parameter...
CVE-2018-19902
No-CMS 1.1.3 is prone to Persistent XSS via the blog/managearticle "keyword" parameter...
CVE-2018-19901
CVE-2018-19901 affects No-CMS 1.1.3 and is described as a persistent XSS vulnerability exploitable via the blog/manage_article/index/“article_title” parameter. The available public records identify the vulnerable component/entry point but do not provide exploit code, affected versions beyond 1.1....
Mezzanine Cross-Site Scripting Vulnerability
Mezzanine CMS is an open source content management system (CMS) built using the Django framework. A cross-site scripting vulnerability exists in admin/blog/blogpost/add/ in Mezzanine CMS version 4.3.1. A remote attacker can create a cross-site scripting vulnerability in...
Design/Logic Flaw
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?tofield=id&popup=1 title parameter at admin/blog/blogpost/add/...
CVE-2018-16632
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?tofield=id&popup=1 title parameter at admin/blog/blogpost/add/...
CVE-2018-16632
Mezzanine CMS v4.3.1 is affected by CVE-2018-16632. The vulnerability is a Cross Site Scripting (XSS) flaw triggered via the title parameter in the admin/blog/blogcategory/add/ flow, specifically through the URL /admin/blog/blogcategory/add/?_to_field=id&_popup=1 on the related admin/blog/blogpos...
Jetpack <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS)
According to RIPS Technologies: "RIPS detected a Stored XSS vulnerability that affects a module available to premium and professional users of Jetpack. Attackers who gained control over an account on the target site with at least Contributor privileges were able to inject arbitrary JavaScript cod...
Friday Squid Blogging: Problems with the Squid Emoji
The Monterey Bay Aquarium has some problems with the squid emoji. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name...
Cross site scripting
panel/login in Kirby v2.5.12 allows XSS via a blog name...
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...
Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851)
Summary There is a potential code execution vulnerability in OpenID connect in WebSphere Application Server Liberty. Vulnerability Details CVEID: CVE-2018-1851 DESCRIPTION: IBM WebSphere Application Server OpenID Connect could allow a remote attacker to execute arbitrary code on the system, cause...
CVE-2018-17256
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content...
Cross site scripting
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content...
WPScan v3.4.0 - Black Box WordPress Vulnerability Scanner
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby = 2.2.2 - Recommended: 2.3.3 Curl = 7.21 - Recommended: latest - FYI the 7.29 has a segfault...