
2423 matches found

RedHat Linux | added 2016/12/08 4:16 p.m. | 2 views

jquery-ui: cross-site scripting in dialog closeText

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

CVSS 6.1 | AI score 6.2 | EPSS 0.01778 | Exploits: 1 | References: 5

RedHat Linux | added 2016/12/08 4:16 p.m. | 72 views

Low: Red Hat Security Advisory: python-XStatic-jquery-ui security update

An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 6.1 | AI score 5.7 | EPSS 0.01778 | Exploits: 1 | References: 3

Vulnerability Lab | added 2016/11/28 12:0 a.m. | 26 views

chatNow v1.1 - SQL Injection Web Vulnerability

Document Title: =============== chatNow v1.1 - SQL Injection Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2013 Source: https://github.com/thiagosf/chatNow Release Date: ============= 2016-11-28 Vulnerability Laboratory ID VL-ID:...

AI score 0.2 | Exploits: 0

Vulnerability Lab | added 2016/11/28 12:0 a.m. | 25 views

chatNow v1.1 - SQL Injection Web Vulnerability

Document Title: =============== chatNow v1.1 - SQL Injection Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2013 Source: https://github.com/thiagosf/chatNow Release Date: ============= 2016-11-28 Vulnerability Laboratory ID VL-ID:...

AI score 7.1 | Exploits: 0

Packet Storm | added 2016/11/02 12:0 a.m. | 28 views

Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...

CVSS 4.3 | AI score 6.3 | EPSS 0.68151 | Exploits: 5

Packet Storm | added 2016/10/04 12:0 a.m. | 37 views

BoxBilling 4.20 Cross Site Scripting

======================================================================== | Title : BoxBilling 4.20 cross site scripting Exploits | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : 4.20 | Vendor :...

AI score 0.1 | Exploits: 0

CNVD | added 2016/09/23 12:0 a.m. | 1 view

jQuery Image Upload Vulnerability

jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. There is a security vulnerability in jQuery. Since jQuery's jqueryuploadcrop fails to restrict the format of uploaded images, an attacker can exploit this vulnerability to upload specifi...

AI score 7 | Exploits: 0 | References: 1

Packet Storm | added 2016/09/06 12:0 a.m. | 26 views

PHPIPAM 1.2.1 Cross Site Scripting / SQL Injection

PHPIPAM 1.2.1 Multiple Vulnerabilities Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: 06 Sep 2016 Tested Version: phpipam-1.2.1 Latest Version - modified on 2016-02-13 Vendor: http://phpipam.net/ Product URL: https://sourceforge.net/projects/phpipam/ Date: 20 Mar 2016 About...

AI score 0.6 | Exploits: 0

RedhatCVE | added 2016/08/29 7:18 a.m. | 31 views

CVE-2016-7103

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

CVSS 6.1 | AI score 2.4 | EPSS 0.01778 | Exploits: 1 | References: 2

RubySec | added 2016/08/27 12:0 a.m. | 27 views

XSS Vulnerability on closeText option of Dialog jQuery UI

Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

CVSS 6.1 | AI score 6 | EPSS 0.01778 | Exploits: 1 | References: 1 | Affected Software: 1

CNVD | added 2016/08/17 12:0 a.m. | 1 view

jQuery cross-site scripting vulnerability

jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. The library simplifies the operation between HTML and JavaScript, and has modular, plug-in extensions and other features. A cross-site scripting vulnerability exists in versions of...

CVSS 4.3 | AI score 6 | EPSS 0.06323 | Exploits: 1 | References: 1

appercut | added 2016/08/15 12:0 a.m. | 561 views

Silver Stripe CMS: source code security analysis report

Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...

AI score 1.9 | Exploits: 0 | References: 1 | Affected Software: 1

Node.js | added 2016/07/21 8:53 p.m. | 6058 views

XSS in dialog closeText

Overview Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site...

CVSS 4.3 | AI score 3.2 | EPSS 0.01778 | Exploits: 1 | Affected Software: 1

appercut | added 2016/07/11 12:0 a.m. | 679 views

Moodle: source code security analysis report

Several vulnerabilities were discovered in Moodle 'Moodle' software: File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Incorrect Newline Symbol Filtration in HTTP-response Headers Using Insufficiently Random Generators in Cryptography HttpOnly Cooki...

AI score 0.5 | Exploits: 0 | References: 1 | Affected Software: 1

appercut | added 2016/07/05 12:0 a.m. | 553 views

Hippo CMS: source code security analysis report

Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code Violating the Java Object Model Missing XML document schema validation Using Broken or Risky Cryptographic Algorithm Incorrect Permissions for External Entities During XML Document...

AI score 1 | Exploits: 0 | References: 1 | Affected Software: 1

appercut | added 2016/06/20 12:0 a.m. | 524 views

Jetpack for WordPress: source code security analysis report

Several vulnerabilities were discovered in Automatic 'Jetpack for WordPress' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in...

AI score 0.9 | Exploits: 0 | References: 1 | Affected Software: 1

Hacker One | added 2016/06/17 6:57 p.m. | 47 views

Nextcloud: Vulnerable Javascript library

Information disclosure: So from a simple lookup you can confirm the version of the jQuery used. And it is an outdated one that, according to some research I did, has public vulnerabilities, such as XSS. Steps to reproduce: 1- navigate to:...

AI score 0.3 | Exploits: 0

Hacker One | added 2016/05/27 5:30 p.m. | 76 views

Pornhub: Reflected XSS by way of jQuery function

The researcher identified a path which exposed a vulnerable jQuery sinkhole allowing XSS. Additionally, the researcher was able to demonstrate a variety of attacks possible by way of arbitrary Javascript execution. Depending on the OS and browser implementation, the researcher demonstrated that h...

AI score 2.7 | Exploits: 0

appercut | added 2016/05/23 12:0 a.m. | 592 views

Concrete5 CMS: source code security analysis report

Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions...

AI score 1.3 | Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm | added 2016/05/22 12:0 a.m. | 26 views

Collectd-Web 0.4.0 Cross Site Scripting

Title -Collectd-web XSS Exploit Title : XSS Vulnerabilitie in Collectd-web Date: Sun May 22 11:55:36 EDT 2016 Reported Date : Sun May 22 11:55:36 EDT 2016 Vendor Homepage: https://collectd.org/wiki/index.php/Collectd-web Version: Version: 0.4.0 Software Link: https://github.com/httpdss/collectd-w...

AI score 7.4 | Exploits: 0