Lucene search
K

357 matches found

Packet Storm
Packet Storm
added 2015/04/01 12:0 a.m.47 views

NASA.gov Cross Site Scripting

Exploit Title: NASA.gov main-domain DOM-XSS Date: 01/04/2015 Author: Yann CAM - Georges TAUPIN @ Synetis - ASafety Vendor or Software Link: www.nasa.gov Version: / Category: DOM-XSS Google dork: Tested on: NASA.gov main-domain NASA description :...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/09/09 2:38 a.m.16 views

XSScrapy - Fast, thorough XSS vulnerability spider

Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities. XSS attack vectors xsscrapy will test Referer header way more common than I thought it would be! User-Agent header Cookie header added 8/24/14 Forms, both hidden and explicit URL...

5.6AI score
Exploits0References1
Packet Storm
Packet Storm
added 2014/09/01 12:0 a.m.30 views

Google Chrome 36.0 XSS Auditor Bypass

Vulnerability: Google Chrome 36.0 XSS Auditor Bypass Impact: Moderate Authors: Rafay Baloch Company: RHAInfoSec Website: http://rhainfosec.com version: Latest Description Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the...

0.5AI score
Exploits0
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.17 views

Multiple Themes - PrettyPhoto DOM XSS

...

4.3CVSS1.7AI score0.03111EPSS
Exploits1References2Affected Software3
Kitploit
Kitploit
added 2014/04/27 12:2 a.m.52 views

IronWASP 2014 - One of the world's best web security scannners

Find security issues on your website automatically using IronWASP, one of the world's best web security scannners. Here's what is new: 1 Login recording Now you can easily just record a login sequence and use it in vulnerability scans and other automated tests. See video tutorial. 2 Automatically...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2014/04/18 12:0 a.m.15 views

vBulletin 5.1 Cross Site Scripting

Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities Authors: Romanian Security Team Website: https://rstforums.com/forum/ Date published: 19 April 2014 Software: vBulletin Version: 5.1.1 Alpha 9 XSS Random topic -...

0.2AI score
Exploits0
Kitploit
Kitploit
added 2014/01/08 5:30 a.m.19 views

[Arachni v0.4.6 - Web User Interface v0.4.3] Open Source Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other...

7.3AI score
Exploits0
Atlassian
Atlassian
added 2013/12/09 4:14 a.m.19 views

DOM XSS in dhtmlHistory.js when using IE

In the createIE function inside dhtmlHistory.js|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333 the value of the fragment identifier, is concatenated to create the html of an iframe without first...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2013/12/09 4:14 a.m.16 views

DOM XSS in dhtmlHistory.js when using IE

In the createIE function inside dhtmlHistory.js|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333 the value of the fragment identifier, is concatenated to create the html of an iframe without first...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/02 7:10 a.m.20 views

'self' xss reported in a question's moderate

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47423. panel We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/09/02 7:10 a.m.22 views

'self' xss reported in a question's moderate

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47423. panel We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...

0.8AI score
Exploits0
w3af
w3af
added 2013/06/10 11:2 p.m.10 views

dom_xss

This plugin greps every page for traces of DOM XSS. An interesting paper about DOM XSS can be found here: http://www.webappsec.org/projects/articles/071105.shtml Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the...

Exploits0
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.28 views

Mandriva Linux Security Advisory : couchdb (MDVSA-2013:067)

Updated couchdb packages fix security vulnerabilities : A security flaw was found in the way Apache CouchDB, a distributed,fault- tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain JSON callback. A remote attacker could provide a speciall...

6.8CVSS5.4AI score0.06558EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2013/02/02 12:0 a.m.36 views

easyXDM Library Cross Site Scripting

Affected products ================= easyXDM library 2.4.19 - http://easyxdm.net/wp/ easyXDM is a Javascript library that enables you as a developer to easily work around the limitation set in place by the Same Origin Policy, in turn making it easy to communicate and expose javascript API's across...

4.3CVSS0.01804EPSS
Exploits2
Exploit DB
Exploit DB
added 2012/08/20 12:0 a.m.43 views

GWebmail 0.7.3 - Cross-Site Scripting / Local File Inclusion / Remote Code Execution

!/usr/bin/python ''' Exploit Title: XSS & LFI RCE Vulnerabilities in GWebmail Date: 11/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: https://www.gwebmail.net Software Link: https://www.gwebmail.net/download/ Version: 0.7.3 Gr33Tz: @aviadgolan , @benhayak, @nirgoldshlager,...

7.4AI score
Exploits0
Prion
Prion
added 2012/08/06 4:55 p.m.14 views

Cross site scripting

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting XSS protection mechanisms via a crafted HTML document...

4.3CVSS5.8AI score0.01198EPSS
Exploits0References5Affected Software1
seebug.org
seebug.org
added 2010/05/13 12:0 a.m.21 views

百度空间hi.baidu creatbgmusic() Dom-Xss Bug

百度空间的Javascript Dom函数creatbgmusic在输出变量bgmusic没有进行过滤,导致可以通过initBlogTextForFCK函数构造容易HTML代码,最终导致xss漏洞 在http://hi.baidu.com//js/bgmusic.js?v=1.0.js 代码: function creatbgmusicmurl, musicnum, IsMusicHide, IsMusicLoop, IsMusicAutoPlay, unknow, functype //传入的murl赋值到bgmusic1和bgmusic2中 //可以通过构造类似代码来闭合标签如 "i...

7AI score
Exploits0
Rows per page
Query Builder