4380 matches found
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the "sitename" and "siteurl" POST parameters to setsites.php in /apps/external/ajax/. CVE-2013-0297. Commits: e0140a stable45,...
MediaWiki < 1.18.5 / 1.19.2 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities : - A stored cross-site scripting HTML injection vulnerability exists because the application fails to sufficiently sanitize user-supplied input submitted to the...
FreeBSD : mediawiki -- multiple vulnerabilities (7c0fecd6-f42f-11e1-b17b-000c2977ec30)
MediaWiki reports : Bug 39700 Wikipedia administrator Writ Keeper discovered a stored XSS HTML injection vulnerability. This was possible due to the handling of link text on File: links for nonexistent files. MediaWiki 1.16 and later is affected. Bug 39180 User Fomafix reported several DOM-based...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Bug 39700 Wikipedia administrator Writ Keeper discovered a stored XSS HTML injection vulnerability. This was possible due to the handling of link text on File: links for nonexistent files. MediaWiki 1.16 and later is affected. Bug 39180 User Fomafix reported several DOM-based X...
New XSS vulnerability in Yandex.Server
Hello 3APA3A! I am reporting a new Cross-Site Scripting vulnerability in Yandex.Server (Яндекс.Сервер). Earlier I already reported other XSS in Yandex.Server CVE-2007-3485, and in 2007 I reported them to Yandex, which should have fixed the vulnerabilities and not allowed new ones. But Yandex did not manage this and...
Yandex.Server 2010 9.0 Enterprise Cross Site Scripting
Hello list! I want to warn you about new Cross-Site Scripting vulnerability in Yandex.Server. Earlier I've informed about other XSS in Yandex.Server CVE-2007-3485 - mentioned about them in my Month of Search Engines Bugs project. And in 2007 I've informed Yandex about them. Which should fix these...
Minify 2.1.3 Cross Site Scripting
Title : Minify and related plugins DOM-Based XSS Vulnerability Version : 2.1.3 & 2.1.4-Beta Credit : Ayoub Aboukir, Independent Security Researcher Contact : Software Link :...
FrameJammer DOM based XSS
Software:FrameJammer Author:Hal Pawluk Software Description: FrameJammer is a little javascript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension, nowadays web developers are spreading it with copy-paste...
FrameJammer Cross Site Scripting
Software:FrameJammer Author:Hal Pawluk Software Description: FrameJammer is a little javascript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension, nowadays web developers are spreading it with copy-paste...
couchdb -- DOM based Cross-Site Scripting via Futon UI
Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...
Social Book Facebook Clone Script Cross Site Scripting
Exploit Title: Social Book Facebook Clone Script Reflected XSS Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE XSS can be done using the command input Vulnerable Page: signup.php lostpass.php login.php...
xAjax Cross Site Scripting / Path Disclosure
Hello list! I want to warn you about Cross-Site Scripting and Full path disclosure vulnerabilities in xAjax and xajaxjqueryplugin. Affected products: Vulnerable are potentially all versions of xAjax. Vulnerable are all versions of...
Vulnerabilities in xAjax and xajax_jquery_plugin
Hello 3APA3A! I am reporting Cross-Site Scripting and Full path disclosure vulnerabilities that I found in xAjax and xajaxjqueryplugin. XSS WASC-08: http://site/cms/’;alertdocument.cookie;/ This is a DOM Based XSS. In particular, this vulnerability is present in MC Content Manager, which uses xAjax...
IB Promotion Advanced Business Web Suite Cross Site Scripting
Hello Bugtraq! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in IB Promotion Advanced Business Web Suite. It's Ukrainian commercial CMS. XSS WASC-08: http://site/search/?qs=;alertdocument.cookie;// It's DOM Based XSS. Insufficient Anti-automation...
Yahoo! Mail Cross Site Scripting
Title: Yahoo mail Dom Based Cross Site Scripting Author: Pratul Agrawal Date: 13/06/2010 Indian Hacker Service: Webmail Vendor: Yahoo mail, and possibly others Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks Severity: High Tested on: Microsoft IE 7.0 Details: Yahoo mail filte...
Dojo Toolkit SDK 1.4.1 Cross Site Scripting
Multiple DOM-Based XSS in Dojo Toolkit SDK Public Release Date: 3/12/2010 Adam Bixby - Gotham Digital Science Affected Software: Dojo Toolkit SDK = Build 1.4.1 Browser used for testing: IE8 8.0.7600.16385 Severity:...
Dojo Toolkit SDK v1.4.1 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications. Dojo Toolkit SDK v1.4.1 Cross Site Scripting Vulnerability...
Adobe Flex 3.3 Cross Site Scripting
Adobe Flex 3.3 SDK DOM-Based XSS Public Release Date: 8/19/2009 Adam Bixby - Gotham Digital Science Affected Software: Adobe Flex 3.3 SDK and earlier 1. Summary...
Month Of Twitter Bugs - Twitterfall XSS
Wednesday, July 8, 2009 MoTB 08: DOM Based XSS in Twitterfall What is Twitterfall "Twitterfall is a way of viewing the latest 'tweets' of upcoming trends and custom searches on the micro-blogging site Twitter. Updates fall from the top of the page in near-realtime.." Twitterfall home page Twitter...
Vulnerability in Joomla!
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability that I found in Joomla!. XSS: The vulnerability is in the site search, in the searchword parameter. The hole is a DOM based XSS. http://site/index.php?option=comsearch&searchword=';alert'XSS'// To execute the code, the user must change...