
881 matches found

CVE
added 2019/07/29 3:36 p.m. | 36 views

CVE-2019-11199

Dolibarr ERP/CRM 9.0.1 is affected by a stored XSS in uploaded files (viewimage.php) that can execute JavaScript when an arbitrary link on the Dolibarr domain is clicked. The issue stems from lack of contextual output encoding in the uploaded content, enabling exploitation by low-privilege users ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00364
Exploits: 1 | References: 1 | Affected Software: 1
Node.js
added 2019/07/23 5:58 p.m. | 17 views

Cross-Site Scripting

Overview Versions of console-feed prior to 2.8.10 are vulnerable to Cross-Site Scripting XSS. The package fails to properly escape the rendered output. If an application uses console-feed and a malicious JavaScript payload was passed to a console.log'%', payload call, the package would render HTM...

AI score 6.1
Exploits: 0 | Affected Software: 1
Packet Storm
added 2019/07/17 12:0 a.m. | 199 views

Oracle Siebel CRM 19.0 Cross Site Scripting

Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel/ Version: Siebel CRM UI Framework Version 19.0 and prior...

Exploits: 0
Exploit DB
added 2019/07/17 12:0 a.m. | 187 views

Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting

Exploit Title: Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting Date: 2019-07-17 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: https://www.oracle.com/applications/siebel/ Version: Siebel CRM UI Framework Version 19.0 and prior...

AI score 7.4
Exploits: 0
CNVD
added 2019/06/18 12:0 a.m. | 2 views

SeedDMS Cross-Site Scripting Vulnerability (CNVD-2019-18509)

SeedDMS is a free document management system with an easy-to-use web-based user interface. A stored cross-site scripting vulnerability exists in out/out.GroupMgr.php in SeedDMS 5.1.11. An attacker can exploit this vulnerability by creating a new group with a JavaScript payload as the group name t...

CVSS 6.1 | AI score 6.1 | EPSS 0.00426
Exploits: 4 | References: 1
OSV
added 2019/06/17 6:15 p.m. | 0 views

CVE-2019-12801

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...

CVSS 6.1 | AI score 6.3 | EPSS 0.00426
Exploits: 4 | References: 2
Prion
added 2019/06/17 6:15 p.m. | 10 views

Cross site scripting

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...

CVSS 4.3 | AI score 5.9 | EPSS 0.00426
Exploits: 4 | References: 2 | Affected Software: 1
Cvelist
added 2019/06/17 5:35 p.m. | 12 views

CVE-2019-12801

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...

AI score 5.9 | EPSS 0.00426
Exploits: 4 | References: 2
Cvelist
added 2019/05/23 5:7 p.m. | 13 views

CVE-2017-11560

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...

AI score 5.3 | EPSS 0.01471
Exploits: 1 | References: 3
CVE
added 2019/05/14 2:35 p.m. | 41 views

CVE-2019-6514

The CVE-2019-6514 entry affects WSO2 Dashboard Server 2.0.0 and describes a stored XSS flaw: a JavaScript payload can be injected and stored in the database, then displayed and executed on the same page. The documentation notes remediation via security patch releases from WSO2 (see references). N...

CVSS 4.8 | AI score 5 | EPSS 0.00361
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2019/05/03 12:0 a.m. | 2 views

Stored Cross-Site Scripting Vulnerability in the Frontend of Feifei Movie Navigation System

FeiFeiCms is built with PHP and MySQL and runs on Windows and Linux platforms. A stored cross-site scripting vulnerability exists in the frontend of FeiFeiCms. Attackers can insert malicious JavaScript code into the page to obtain user cookies and other information, resulting in user...

AI score 6.3
Exploits: 0
0day.today
added 2019/02/15 12:0 a.m. | 25 views

DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE :...

CVSS 3.5 | AI score 5.5 | EPSS 0.00455
Exploits: 6
Packet Storm
added 2019/01/24 12:0 a.m. | 80 views

CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cross-site scripting product: CA Automic Workload Automation Web Interface AWI formerly Automic Automation Engine, UC4 vulnerable version: 12.0, 12.1, 12.2 fixed version:...

AI score 0.3 | EPSS 0.00881
Exploits: 1
n0where
added 2019/01/22 3:47 a.m. | 322 views

Flexible and Powerful Reverse Proxy: Modlishka

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. It was released with an aim to: help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing. show current 2FA...

AI score 1.8
Exploits: 0 | References: 2
Prion
added 2019/01/03 10:29 p.m. | 16 views

Hardcoded credentials

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allow an unauthenticated attacker using the administrative web interface to insert an HTML/JavaScript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...

CVSS 4.3 | AI score 6.9 | EPSS 0.00255
Exploits: 0 | References: 2
Cvelist
added 2019/01/03 10:0 p.m. | 20 views

CVE-2018-18997

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allow an unauthenticated attacker using the administrative web interface to insert an HTML/JavaScript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...

AI score 6.3 | EPSS 0.00255
Exploits: 0 | References: 2
OSV
added 2018/12/20 10:1 p.m. | 12 views

GHSA-J5RJ-G695-342R Fat Free CRM vulnerable to Cross-site Scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...

CVSS 6.1 | AI score 6.1 | EPSS 0.00436
Exploits: 0 | References: 7
0day.today
added 2018/12/12 12:0 a.m. | 66 views

DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE :...

AI score 5.6 | EPSS 0.00222
Exploits: 5
Exploit DB
added 2018/12/11 12:0 a.m. | 35 views

DomainMOD 4.11.01 - Cross-Site Scripting

Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19913 A Stored Cross-site...

CVSS 4.8 | AI score 5.5 | EPSS 0.00222
Exploits: 5
exploitpack
added 2018/12/09 12:0 a.m. | 23 views

DomainMOD 4.11.01 - DisplayName Cross-Site Scripting

DomainMOD 4.11.01 - DisplayName Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 t...

CVSS 3.5 | AI score 5.4 | EPSS 0.01183
Exploits: 5