4978 matches found
Cross site scripting
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
CVE-2016-7146
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...
PYSEC-2016-30
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog=attachment via page name component...
PYSEC-2016-31
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
PYSEC-2016-30
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...
CVE-2016-7146
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...
CVE-2016-7148
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
CVE-2016-7146
Removed by vendor...
CVE-2016-7148
MoinMoin 1.9.8 is affected by CVE-2016-7148, a Cross Site Scripting (XSS) issue related to the page creation/AttachFile component. The root cause is improper sanitization in the AttachFile/page-name handling, enabling remote JavaScript injection. Some connected sources (GN) reference a fix to 1.9...
CVE-2016-7146
CVE-2016-7146 affects MoinMoin 1.9.8, where a Cross-Site Scripting (XSS) flaw allows remote attackers to inject JavaScript via the page creation or crafted URL, specifically through the action=fckdialog&dialog=attachment (via page name) component. Connected advisories corroborate the issue and li...
CVE-2016-7148
Removed by vendor...
CVE-2016-7148
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
CVE-2016-7146
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...
UBUNTU-CVE-2016-7148
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit)
require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit
This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...
IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
Brave Software: invalid homepage URL causes 'uncaught typeerror' or blank state
Summary: The issue is when you set the homepage as https://brave.com;https://google.com.vn and then change the setting to launch brave with homepage Products affected: Tested on windows7 x64 + BraveSetup-ia32 Steps To Reproduce: 1.go to Settings - General, inject to "My home page is":...
Cross-site scripting (XSS) vulnerability in China Mobile 139 Mailbox PC V2.5.1
139 Mailbox for PC is a general-purpose mailbox client launched by China Mobile. A cross-site scripting XSS vulnerability exists in China Mobile 139 Mailbox PC V2.5.1. An attacker exploiting the vulnerability can insert malicious js code into the page to obtain user cookies and other information,...
Cross-site Scripting Vulnerability in EaseUS Content Management System
EECO Content Management System is a marketing enterprise website system developed based on SEO-friendliness. There is an XSS cross-site scripting vulnerability in EE Content Management System. The vulnerability file is comment.php, due to the safecheck function is not filtered completely, the...