129 matches found
CVE-2021-24781 Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...
WordPress 访问控制错误漏洞
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Image Source Control Plugin is vulnerable to an access control error in versions prior to 2.3.1. The vulnerability stems from the lack of proper restrictions on the role permissions of the...
Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit PoC Run while in the Post/Page editor as a contributor jQuery.postajaxurl, action: "iscsavemeta", nonce: iscData.nonce, id:781, key:...
WordPress Image Source Control plugin <= 2.3.0 - Arbitrary Post Meta Value Change vulnerability
Arbitrary Post Meta Value Change vulnerability discovered by apple502j in WordPress Image Source Control plugin versions = 2.3.0. Solution Update the WordPress Image Source Control plugin to the latest available version at least 2.3.1...
Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit Run while in the Post/Page editor as a contributor jQuery.postajaxurl, action: "iscsavemeta", nonce: iscData.nonce, id:781, key:...
Shopify: Stored XSS in SVG file as data: url
A stored XSS vulnerability was discovered in Shopify's rich text editor on July 24, 2021. Attackers were able to insert an XSS payload encoded in an SVG file using data: URLs. The vulnerability was fixed by preventing the conversion of data: URLs into blob: URLs...
Open-Xchange: XSS - Notes - Attribute injection through overlapping tags
The Notes app uses simple markup language to format the content, which is later converted to HTML for display. javascript // frontend/ui/apps/io.ox/notes/parser.js parsePlainText: function text var lines = .escapetext.split/\n/, openList; ... var html = lines.join'' .replace/!\.?/g, ''...
Vtiger CRM 7.1.0 Remote Code Execution
Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution Date: 2018-12-27 Exploit Author: Azkan Mustafa AkkuA AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.vtiger.com Software Link: https://sourceforge.net/projects/vtigercrm/files/latest/download Version: v7.1.0 Category:...
CVE-2018-18361
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edithtml allows XSS via the name parameter, as demonstrated by a value beginning with homecontent and containing a crafted SRC attribute of an IMG element...
DEBIAN-CVE-2018-5162
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
CVE-2018-8978
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI...
paul-sacher-stiftung.ch XSS vulnerability
Open Bug Bounty ID: OBB-575922 Description| Value ---|--- Affected Website:| paul-sacher-stiftung.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration aka Templateconfiguration, as demonstrated by the src attribute of an IMG element. This is fixed in 10.1...
DEBIAN-CVE-2018-6790
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element...
CVE-2017-15008
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element...
TinyMCE WYSIWYG Editor - Multiple Vulnerabilities
No description provided by source. + Vurnerebility: Js tinymce/tinymce WYSIWYGjava script vurnerebility xss--popup & SQl implemented + Language : Java--,Xml + lisences : LGPL + Vendor : Moxiecode Systems AB + support : IE7J0/IE6.0/NS8.1-IE/NS8.1-G/FF2.0/O9.02; + Category : bug report + vendor :...
HTML Creator And Sender 2.3 Buffer Overflow
!/usr/bin/env python HTML Creator & Sender = v2.3 Build 697 Local Buffer Overflow Exploit SEH Coded By: DrIDE Based On: http://www.milw0rm.com/exploits/9446 Testd On: Windows XP SP2 Download: http://www.html-email.net/ Usage: Browse to file, enter anything for From and To, Send Email. import stru...
HTML Creator & Sender 2.3 build 697 - Local Buffer Overflow (SEH)
!/usr/bin/env python HTML Creator & Sender = v2.3 Build 697 Local Buffer Overflow Exploit SEH Coded By: DrIDE Based On: http://www.milw0rm.com/exploits/9446 Testd On: Windows XP SP2 Download: http://www.html-email.net/ Usage: Browse to file, enter anything for From and To, Send Email. import stru...
HTML Email Creator 2.1b668 - html Local Overwrite (SEH)
/ :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered and Exploited by dun HTML Email Creator or or 520 | | NOPs jmp 11 pop-pop-ret NOPs shellcode NOPs 56 4 4 40 343 73 Greetz: suN8Hclf, str0ke...
google-chrome-dos4.txt
Metascortexsecurity img...