1007 matches found

Packet Storm
added 2021/03/09 12:0 a.m. | 432 views

Froala 3.2.6-1 Cross Site Scripting

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Date:06.03.2021 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel:...

AI score: 0.2
Exploits: 0

0day.today
added 2021/03/09 12:0 a.m. | 95 views

Froala 3.2.6-1 Cross Site Scripting Vulnerability

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ PoC: In t...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/03/08 12:0 a.m. | 407 views

Joomla Matukio Events 7.0.5 Cross Site Scripting

Exploit Title:Joomla Matukio Events 7.0.5 Stored XSS Date:08.03.2021 Author: Vincent666 ibn Winnie Software Link: https://matukio.compojoom.com/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ Google Dorks:...

Exploits: 0

NVD
added 2021/02/09 8:15 p.m. | 5 views

CVE-2021-26549

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVSS: 5.4 | EPSS: 0.01432
Exploits: 3 | References: 4

OSV
added 2021/02/09 8:15 p.m. | 14 views

CVE-2020-22839

Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter...

CVSS: 6.1 | AI score: 6
Exploits: 0 | References: 3

Prion
added 2021/02/09 8:15 p.m. | 8 views

Cross site scripting

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.01432
Exploits: 3 | References: 4 | Affected Software: 1

Cvelist
added 2021/02/09 7:39 p.m. | 17 views

CVE-2020-22839

Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter...

AI score: 6 | EPSS: 0.01038
Exploits: 3 | References: 3

Cvelist
added 2021/02/09 7:3 p.m. | 8 views

CVE-2021-26549

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

AI score: 5.8 | EPSS: 0.01432
Exploits: 3 | References: 4

CVE
added 2021/02/09 7:3 p.m. | 49 views

CVE-2021-26549

CVE-2021-26549 : SmartFoxServer 2X/2.17.0 exposes a cross-site scripting vulnerability in the AdminTool console where input is not properly sanitized before reflection. This enables an attacker to inject arbitrary HTML/JS that can execute in a user’s browser within the context of the affected sit...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.01432
Exploits: 3 | References: 4 | Affected Software: 1

CNVD
added 2021/02/01 12:0 a.m. | 7 views

RSA Archer Cross-Site Scripting Vulnerability (CNVD-2021-24477)

RSA Archer is the GRC Enterprise Risk Management Suite. A stored cross-site scripting vulnerability exists in Archer versions prior to 6.8 P4. An attacker can exploit this vulnerability to execute HTML or JavaScript code...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00216
Exploits: 0 | References: 1

Packet Storm
added 2021/01/27 12:0 a.m. | 204 views

STVS ProVision 5.9.10 Cross Site Scripting

STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected version: 5.9.10 build 2885-3a8219a 5.9.9 build 2882-7c3b787 5.9.7 build 2871-a450938 5.9.1 build 2771-1bbed11 5.9.0 build 2701-6123026 5.8.6 build...

AI score: 0.2
Exploits: 0

Packet Storm
added 2021/01/24 12:0 a.m. | 205 views

Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect

Revive Adserver Security Advisory REVIVE-SA-2021-001 https://www.revive-adserver.com/security/revive-sa-2021-001...

AI score: 5.7 | EPSS: 0.48321
Exploits: 5

Cvelist
added 2021/01/20 3:14 a.m. | 13 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

AI score: 5.9 | EPSS: 0.00221
Exploits: 0 | References: 1

OSV
added 2021/01/17 4:7 p.m. | 4 views

MGASA-2021-0038 Updated python-lxml packages fix a security vulnerability

An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. CVE-2020-27783...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.01246
Exploits: 1 | References: 6

Prion
added 2021/01/15 7:15 a.m. | 12 views

Cross site scripting

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the metatitle parameter...

CVSS: 3.5 | AI score: 5.3 | EPSS: 0.00471
Exploits: 2 | References: 4 | Affected Software: 1

GithubExploit
added 2021/01/05 5:38 p.m. | 137 views

Exploit for Cross-site Scripting in Beetel 777Vr1_Firmware

CVE-2020-25498: Stored XSS via CSRF in Beetel 777VR1 Router...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00295
Exploits: 2

NVD
added 2020/12/23 4:15 p.m. | 8 views

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00535
Exploits: 2 | References: 4

Prion
added 2020/12/23 4:15 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

CVSS: 5 | AI score: 7.6 | EPSS: 0.00535
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2020/12/23 3:6 p.m. | 16 views

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

AI score: 7.6 | EPSS: 0.00535
Exploits: 2 | References: 4

CVE
added 2020/12/23 3:6 p.m. | 59 views

CVE-2020-29550

The CVE-2020-29550 issue affects URVE Build 24.03.2020, where the password for an integration user (Office 365 integration) is stored in cleartext in multiple files and in the database, enabling exposure. Affected files include Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00535
Exploits: 2 | References: 4 | Affected Software: 1