Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Vulnerability
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS). Exploit Author: tmrswrr. Vendor Homepage: http://www.opencms.org. Software Link: https://github.com/alkacon/opencms-core. Version: v15.0. POC: 1. Log in to the demo page, go to this url...
CVE-2023-34486
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box...
PT-2023-24903 · Unknown · Itsourcecode Online Hotel Management System Project In Php
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Hotel Management System Project In PHP version 1.0.0. Description: The issue allows for Cross Site Scripting (XSS) and potentially remote code execution by entering malicious code in the date selection box. This can be...
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions...
CVE-2023-27414
CVE-2023-27414 describes an unauthenticated reflected Cross-Site Scripting (XSS) in the WordPress plugin Popup Box Team Popup box plugin
CVE-2023-27414 WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions...
WordPress plugin Popup box cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-21102 · Popup Box Team · Popup Box Plugin
Name of the Vulnerable Software and Affected Versions: Popup Box Team Popup box plugin versions prior to 3.4.4. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious scripts into the website,...
Open redirect
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...
Open redirect
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker which can then be used to open an unprivileged command prompt...
TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Settings" » "TinyMCE Custom Styles"...
Firefly - Black Box Fuzzer For Web Applications
Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target. Note: Firefly is in a very new stage v1.0 but works well for now, if the target does n...
CVE-2022-48330
A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include: FLMG-10 versions FLMG-10 10.0.1.0H100SP22C00...
Buffer overflow
A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include: FLMG-10 versions FLMG-10 10.0.1.0H100SP22C00...
CVE-2022-48330
CVE-2022-48330 affects Huawei FLMG-10 (firmware 10.0.1.0/H100SP22C00). The issue is an out-of-bounds write that can cause a buffer overflow. Severity is HIGH (CVSS 3.1: 8.0). No exploit details are provided in the documents. Remediation status is not specified; monitor Huawei PSIRT advisory HWPSI...