Lucene search

7736 matches found

OSV
added 2018/03/06 9:29 p.m. · 5 views

CVE-2018-7737

In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by adminfooter.php or adminfooter.php. NOTE: the software maintainer disputes that this is a vulnerability...

5.3 CVSS · 5.8 AI score · 0.08817 EPSS
Exploits 5 · References 4

Rhino Security Labs
added 2018/03/06 9:4 p.m. · 164 views

XML External Entity Injection in Jive-n (CVE-2018-5758)

The post XML External Entity Injection in Jive-n CVE-2018-5758 appeared first on Rhino Security Labs...

6.8 CVSS · 3.1 AI score · 0.03128 EPSS
Exploits 1

Positive Technologies
added 2018/03/06 12:0 a.m. · 7 views

PT-2018-18247 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740 Description: There is a reported issue in Z-BlogPHP where the cmd.php file is susceptible to XSS attacks via the ZC BLOG SUBNAME parameter or the ZC UPLOAD FILETYPE parameter. However, the software maintainer...

6.1 CVSS · 6.2 AI score · 0.03393 EPSS
Exploits 5 · References 5

Openbugbounty
added 2018/03/05 7:46 p.m. · 20 views

naturfactor.com XSS vulnerability

Open Bug Bounty ID: OBB-574488

Description| Value
---|---
Affected Website:| naturfactor.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0

OpenVAS
added 2018/02/28 12:0 a.m. · 31 views

ClipBucket <= 4.0.0 Multiple Vulnerabilities

ClipBucket is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oxygenz:clipbucket"; if...

10 CVSS · 8.3 AI score · 0.16414 EPSS
Exploits 4 · References 1

CNVD
added 2018/02/27 12:0 a.m. · 4 views

Concrete5 Comments on Enumeration Vulnerability

concrete5 is an open source content management system (CMS) for publishing content on the World Wide Web and intranets. A comment enumeration vulnerability exists in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can exploit this vulnerability by posting a reques...

5.3 CVSS · 6.9 AI score · 0.11123 EPSS
Exploits 6 · References 1

Prion
added 2018/02/26 5:29 p.m. · 12 views

Design/Logic Flaw

An issue was discovered in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers...

5 CVSS · 5.2 AI score · 0.11123 EPSS
Exploits 6 · References 4 · Affected Software 1

Cvelist
added 2018/02/26 5:0 p.m. · 26 views

CVE-2017-18195

An issue was discovered in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers...

5.2 AI score · 0.11123 EPSS
Exploits 6 · References 4

CVE
added 2018/02/26 5:0 p.m. · 76 views

CVE-2017-18195

Concrete5

5.3 CVSS · 5.1 AI score · 0.11123 EPSS
Exploits 6 · References 4 · Affected Software 1

NVD
added 2018/02/24 2:29 a.m. · 11 views

CVE-2018-7447

mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields...

4.8 CVSS · 5.1 AI score · 0.00734 EPSS
Exploits 0 · References 2

Prion
added 2018/02/24 2:29 a.m. · 10 views

Cross site scripting

DISPUTED mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because th...

3.5 CVSS · 4.9 AI score · 0.00734 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2018/02/24 2:0 a.m. · 13 views

CVE-2018-7447

mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields...

5.8 AI score · 0.00734 EPSS
Exploits 0 · References 2

CVE
added 2018/02/24 2:0 a.m. · 43 views

CVE-2018-7447

mojoPortal up to version 2.6.0.0 is affected by persistent cross-site scripting in the Blog page’s Title and Subtitle fields due to inadequate input sanitization. The vulnerability arises from failing to filter user input, enabling XSS in affected pages. The maintainer disputes this as a vulnerab...

4.8 CVSS · 5 AI score · 0.00734 EPSS
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2018/02/24 12:0 a.m. · 3 views

MojoPortal Cross-Site Scripting Vulnerability (CNVD-2018-05173)

mojoPortal is an open source, object-oriented Web site architecture (WSF) and content management system (CMS) developed by American programmer Joe Audette. It provides an event calendar, photo albums, a file manager and so on. A cross-site scripting vulnerability exists in the Title and Subtitle...

4.8 CVSS · 6.8 AI score · 0.00734 EPSS
Exploits 0 · References 1

Positive Technologies
added 2018/02/24 12:0 a.m. · 4 views

PT-2018-18076 · Mojoportal · Mojoportal

Name of the Vulnerable Software and Affected Versions: mojoPortal versions prior to 2.6.0.0 Description: The issue arises from the software's failure to sanitize user-supplied input, leading to multiple persistent cross-site scripting vulnerabilities. Specifically, the Title and Subtitle fields o...

4.8 CVSS · 6.4 AI score · 0.00734 EPSS
Exploits 0 · References 7

Schneier on Security
added 2018/02/23 10:20 p.m. · 106 views

Friday Squid Blogging: The Symbiotic Relationship Between the Bobtail Squid and a Particular Microbe

This is the story of the Hawaiian bobtail squid and Vibrio fischeri. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9 AI score
Exploits 0

MSRC
added 2018/02/23 8:0 a.m. · 10 views

Overview of Petya, a Rapid Cyberattack

This article is the Microsoft Secure blog “Overview of Petya, a rapid cyberattack”, February 5, 2018, US...

2.1 AI score
Exploits 0

Prion
added 2018/02/21 12:29 a.m. · 12 views

Cross site scripting

Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...

4.3 CVSS · 6 AI score · 0.01022 EPSS
Exploits 2 · References 2 · Affected Software 1

NVD
added 2018/02/21 12:29 a.m. · 25 views

CVE-2018-7274

Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...

6.1 CVSS · 6 AI score · 0.01022 EPSS
Exploits 2 · References 2

OSV
added 2018/02/21 12:29 a.m. · 15 views

CVE-2018-7274

Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 2