Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-based XSS
The Welcart e-Commerce WordPress plugin was affected by a purchase_limit parameter DOM-based XSS security vulnerability...
Automattic: genericons.com - DOM based XSS.
Hi, I found a DOM based XSS located here : http://genericons.com/bold" Best regards, Olivier Beg...
PayPal DOM-type XSS vulnerability analysis
DOM XSS, also known as the third type of XSS, or type 0. DOM XSS is now more and more common, partly because of the variety of JS libraries such as YUI, jQuery, jQuery Mobile, etc., and partly because many programming languages, such as PHP, increasingly support HTML5 features. W3school defect code sample Man...
OkCupid: DOM based XSS in changing email address
a dom based xss in your site . path : https://www.okcupid.com/settings fill the email address with this : " check the images...
Welcart e-Commerce usc-e-shop.1.3.12 XSS / SQL Injection
Title: SQL Injection in Welcart e-Commerce | Version: usc-e-shop.1.3.12 | Date: 3.03.2014 | Found: HauntIT Blog | Home: http://wordpress.org/plugins/ ...
X2Engine 3.7.3 Cross Site Scripting / Shell Upload / SQL Injection
Title: Multiple vulnerabilities in X2Engine | Version: X2Engine 3.7.3 | Date: .02.2014 | Found: HauntIT Blog | Home: | + For admin logged in...
FeedWeb 2.4 Cross Site Scripting
Title: DOM-based XSS in FeedWeb | Version: feedweb.2.4 | Date: 23.02.2014 | Found: HauntIT Blog | Home: http://www.wordpress.org/plugins/ ...
WordPress Infocus Theme Cross Site Scripting
Infocus Theme DOM Based XSS. Details: Product: Infocus Theme DOM Based XSS | Security-Risk: Moderate | Remote-Exploit: yes | Company: RHAINFOSEC | Website: http://services.rafayhackingarticles.net | Vendor-URL: http://themeforest.net/item/infocus-powerful-professional-wordpress-theme/85486...
EMC Documentum Product Suite version 6.7 contains a DOM based cross-site scripting vulnerability
Overview: EMC Documentum Product Suite version 6.7 and possibly earlier versions contain a DOM based cross-site scripting vulnerability (CWE-79). Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). EMC Documentum Product Suite version 6.7 and possib...
Cetelem Online Bank Cross Site Scripting / Clickjacking
CETELEM ON LINE BANK Cross Site Scripting and DOM Based XSS / Clickjacking: X-Frame-Options header missin...
11 Firefox Add-ons to Hack and PenTest
1. Tamper Data: Tamper Data is a great tool to view and modify HTTP/HTTPS headers and POST parameters. We can alter each request going from our machine to the destination host with it. Thus it helps in security testing web applications by modifying POST parameters. It can be used in performing XS...
Reflected XSS in 'where' param of doSearchSite
Olivier Beg reported: https://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3E I assume he is DOM based because he works in Google Chrome. This results in code:html co...
CyberKendra Search Bar Cross Site Scripting
RHA InfoSec: CyberKendra Search Bar Script DOM Based XSS Vulnerability. Details: Risk: Moderated | Vendor-URL: http://www.cyberkendra.com/ Credits: Discovered by: Rafay Baloch And Prakhar Prasad of RHA InfoSec | Blog: http://rafayhackingarticles.net Description: ...
Apple Store Vulnerable to XSS
There is a cross-site scripting vulnerability in the Apple Store Web site that is exposing visitors to potential attack. The vulnerability was discovered by a German security researcher who says he informed Apple about the problem in mid-May, but the vulnerability still exists. The XSS...
Apple Cross Site Scripting
After four weeks the following xss are still not fixed: Tested with IE8 / IE 10 & Google Chrome 27.0 http://store.apple.com/us/browse/home/shopipad"/ http://store.apple.com/us/browse/home/shopiphone"/...
FreeBSD : couchdb -- DOM based XSS via Futon UI (4fb45a1c-c5d0-11e2-8400-001b216147b0)
Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...
Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities
Multiple XSS vulnerabilities - ownCloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.8 and all prior versions except 4.0.x allow remote attackers to inject arbitrary web script or HTML via the "quota" POST parameter to setquota.php in /core/settings/ajax/. Commits: 2364c79 (stable45). Risk: Low. Note: Successful...