Cross-Site Scripting (XSS)

lartak/humhub is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...

CVE-2019-11564

A cross-site scripting XSS vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...

Cross site scripting

A cross-site scripting XSS vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...

CVE-2019-11564

A cross-site scripting XSS vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...

CVE-2019-11564

A cross-site scripting XSS vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...

CVE-2019-11564

HumHub 1.3.12 contains a stored/reflected XSS vulnerability reachable via a POST to /protected/vendor/codeception/codeception/tests/data/app/view/index.php. The CVE-2019-11564 entry is corroborated across multiple sources (NVD, Red Hat, CVE list) with consistent description of an attacker injecti...

HumHub Cross-Site Scripting Vulnerability (CNVD-2019-13252)

Humhub is an open source PHP-based social networking system. A cross-site scripting vulnerability exists in HumHub version 1.3.12, which can be exploited by an attacker to inject arbitrary Web script or HTML...

HumHub 1.3.12 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...

HumHub 1.3.12 Cross Site Scripting

Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url : http://localhost/humhub-1.3.12/protected/vendor/codeception/codeception/tests/data/app/view/index.php Vulnerable File :...

HumHub 1.3.12 - Cross-Site Scripting

Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url : http://localhost/humhub-1.3.12/protected/vendor/codeception/codeception/tests/data/app/view/index.php Vulnerable File :...

HumHub 1.3.12 - Cross-Site Scripting

HumHub 1.3.12 - Cross-Site Scripting Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...

Humhub cross-site scripting vulnerability (CNVD-2019-12168)

Humhub is a set of open source social networking software based on the Yii PHP framework written . A cross-site scripting vulnerability exists in /s/adada/cfiles/upload in Humhub community version version 1.3.10. A remote attacker can exploit this vulnerability to inject arbitrary web script or...

Humhub cross-site scripting vulnerability (CNVD-2019-12169)

Humhub is a set of open source social networking software based on the Yii PHP framework written . A cross-site scripting vulnerability exists in file/file/upload in version 1.3.10 of Humhub Community Edition. A remote attacker can use the 'filename' parameter to inject arbitrary web script or HT...

CVE-2019-9094

A Reflected Cross Site Scripting XSS Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS...

CVE-2019-9093

A Reflected Cross Site Scripting XSS Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS...

CVE-2019-9094

A Reflected Cross Site Scripting XSS Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS...

CVE-2019-9093

A Reflected Cross Site Scripting XSS Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS...

Cross site scripting

A Reflected Cross Site Scripting XSS Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS...

Cross site scripting

A Reflected Cross Site Scripting XSS Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS...

CVE-2019-9094

CVE-2019-9094 describes a reflected XSS in Humhub 1.3.10 Community Edition. Affected component: /s/adada/cfiles/upload; attacker-supplied input in the filename is echoed back in JavaScript code, enabling XSS. Documented in multiple sources (NVD, RH Red Hat advisory, CNVD, OSV, etc.). Exploitation...