874 matches found
D-Link DSL-3782 Cross-Site Scripting Vulnerability
The D-Link DSL-3782 is a wireless router from AUO D-Link of Taiwan, China. A cross-site scripting vulnerability exists in the web interface of the D-Link DSL-3782 using firmware version 1.01, which stems from the lack of proper validation of client data by the web application. An attacker could...
MyBB Cross-Site Scripting Vulnerability (CNVD-2021-25714)
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is scalable. ModCP Profile Editor is one of the ModCP configuration editors. The ModCP Profile Edit...
Palo Alto Networks Expedition Migration Tool Cross-Site Scripting Vulnerability (CNVD-2019-14249)
Palo Alto Networks Expedition Migration Tool is a security policy configuration migration tool from Palo Alto Networks, USA. A cross-site scripting vulnerability exists in Palo Alto Networks Expedition Migration Tool 1.1.8 and prior versions, which stems from a lack of proper validation of...
Drupal cross-site scripting vulnerability (CNVD-2019-12155)
Drupal is an open source content management system developed by the Drupal community using the PHP language. A cross-site scripting vulnerability exists in Drupal version 7 prior to 7.65, version 8.6 prior to 8.6.13, and version 8.5 prior to 8.5.14, which stems from a lack of proper validation of...
Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-34649)
Frog CMS is a content management system (CMS) developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management and document management. A cross-site scripting vulnerability exists in Frog CMS. An attacker can exploit this vulnerability to...
Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-34645)
Frog CMS is a content management system (CMS) developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management and document management. A cross-site scripting vulnerability exists in Frog CMS. An attacker can exploit this vulnerability to...
Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-34648)
Frog CMS is a content management system (CMS) developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management and document management. A cross-site scripting vulnerability exists in Frog CMS. An attacker can exploit this vulnerability to...
Cross site scripting
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
WordPress: antispambot does not always escape <, >, &, " and '
The antispambot function escapes some randomly selected characters from its first argument, for example: <, >, &, ", or '. These last five characters should always be escaped. There is a chance that this will print out unescaped: console.log"hello";'; Even though the chance of this happening is low,...
CVE-2015-6250
simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side...
CVE-2015-6250
CVE-2015-6250 affects the simple-php-captcha project. A vulnerability in the CAPTCHA code before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate CAPTCHA responses by running the same code on the client-side, effectively bypassing CAPTCHA verifica...
SUSE-SU-2017:2250-1 Security update for mercurial
This update for mercurial fixes the following issues: - CVE-2017-1000115: path traversal via symlink could lead to unauthorized access (bsc#1053344) - CVE-2017-1000116: argument injection in SSH URLs could lead to client-side code execution (bsc#1052696)...
SUSE-SU-2017:2225-1 Security update for git
This update for git fixes the following issues: - CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution (bsc#1052481)...
Dropbox: Dropbox Paper - Markdown XSS
Hello, Today I took a look at Dropbox Paper and noticed there is an option to export/download the project as a Markdown or Word docx document. I noticed it doesn't filter any kind of Markdown escaping, meaning when parsed after download will let us execute client side code. Equivalent to arbrita...
Cross-Site Scripting
Overview: Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as...
Trend Micro Direct Pass Cross-Site Request Forgery Vulnerability
DirectPass runs as a native control or browser plug-in. A cross-site request forgery vulnerability exists in Trend Micro Direct Pass. An attacker could inject malicious code on the client side of the service bypassing input filters...
Shopify: XSS on https://app.shopify.com/
Description: It has been identified that the page located at https://app.shopify.com/ is prone to cross-site scripting issues. Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts, also commonly referred to as a malicious...
Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting
Exploit for php platform in category web applications. Credits: hyp3rlinx. Vendor: www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 AEF. Exploit patched current version. Vulnerability Type: ...
JSPMySQL Administrador CSRF & XSS Vulnerabilities
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: JSPMySQL Administrador https://sites.google.com/site/mfpledon/producao-de-software Product:...