
3946 matches found

Cvelist
added 2020/08/24 2:22 p.m. | 13 views

CVE-2020-19882

DBHcms v1.2.0 has a stored XSS vulnerability, as there is no htmlspecialchars function for the 'menudescription' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111. A remote authenticated admin user can exploit this vulnerability to hijack other users...

4.9 AI score | 0.00659 EPSS
Exploits 1 | References 1

Packet Storm
added 2020/08/24 12:0 a.m. | 511 views

LimeSurvey 4.3.10 Cross Site Scripting

Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...

Exploits 0

Exploit DB
added 2020/08/24 12:0 a.m. | 450 views

LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...

7.4 AI score
Exploits 0

Zero Day Initiative
added 2020/08/12 12:0 a.m. | 47 views

Adobe Acrobat Pro DC Web2PDF:AppLinks JavaScript Restrictions Bypass Vulnerability

This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a...

3.3 CVSS | 1.6 AI score | 0.03404 EPSS
Exploits 0 | References 1

OSV
added 2020/08/11 1:15 p.m. | 1 views

CVE-2020-10777

A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms...

5.4 CVSS | 6 AI score | 0.00661 EPSS
Exploits 0 | References 2

NVD
added 2020/08/11 1:15 p.m. | 15 views

CVE-2020-10777

A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms...

5.4 CVSS | 6 AI score | 0.00661 EPSS
Exploits 0 | References 2

Prion
added 2020/08/11 1:15 p.m. | 22 views

Cross site scripting

A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms...

3.5 CVSS | 5.4 AI score | 0.00661 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/08/11 12:17 p.m. | 18 views

CVE-2020-10777

A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms...

6 AI score | 0.00661 EPSS
Exploits 0 | References 2

wpexploit
added 2020/08/10 12:0 a.m. | 15 views

Admin Menu <= 1.1 - Authenticated Cross-Site Scripting (XSS)

The Admin Menu WordPress plugin, versions 1.1 and below, were vulnerable to Authenticated Cross-Site Scripting XSS within the "role" GET parameter. http://www.example.com/wp-admin/admin.php?page=admin-menu-pro&role=alertString.fromCharCode88,83,83...

1.5 AI score
Exploits 0 | References 1

Veracode
added 2020/08/07 2:30 a.m. | 23 views

Cross-site Scripting (XSS)

cfme-gemset is vulnerable to cross-site scripting (XSS). The vulnerability exists in the report menu title...

5.4 CVSS | 1.2 AI score | 0.00661 EPSS
Exploits 0 | References 5 | Affected Software 5

RedHat Linux
added 2020/08/06 2:34 p.m. | 2 views

CloudForms: Cross Site Scripting in report menu title / HTML Code Injection

A flaw was found in the Report Menu of Red Hat CloudForms where the title field was not properly sanitized for HTML and JavaScript inputs. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that Content Security Policy can...

5.4 CVSS | 5.8 AI score | 0.00661 EPSS
Exploits 0 | References 4

CNVD
added 2020/08/05 12:0 a.m. | 1 views

Red Hat CloudForms Cross-Site Scripting Vulnerability (CNVD-2020-44409)

Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. A security vulnerability exists in Report Menu in Red Hat CloudForms,...

5.4 CVSS | 5.8 AI score | 0.00661 EPSS
Exploits 0 | References 1

RedhatCVE
added 2020/08/03 2:14 p.m. | 38 views

CVE-2020-10777

A flaw was found in the Report Menu of Red Hat CloudForms where the title field was not properly sanitized for HTML and JavaScript inputs. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that Content Security Policy can...

3.5 CVSS | 0.6 AI score | 0.00661 EPSS
Exploits 0 | References 3

Kitploit
added 2020/07/25 10:0 p.m. | 92 views

Autoenum - Automatic Service Enumeration Script

Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments (i.e. HTB, VulnHub, OSCP) and draws a bit from a number of existing tools including AutoRecon (https://github.com/Tib3rius/AutoRecon), Auto-Rec...

7.5 AI score
Exploits 0 | References 3

NVD
added 2020/07/14 1:15 p.m. | 13 views

CVE-2020-11952

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu...

6.2 CVSS | 0.00527 EPSS
Exploits 3 | References 1

OpenVAS
added 2020/06/30 12:0 a.m. | 114 views

PrestaShop Responsive Mega Menu Module RCE / SQLi Vulnerability

The SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:prestashop:prestashop"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.144185"...

9.8 CVSS | 9.6 AI score | 0.51572 EPSS
Exploits 2 | References 2

Kitploit
added 2020/06/27 10:0 p.m. | 51 views

Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network

Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...

7.4 AI score
Exploits 0 | References 1

OSV
added 2020/06/15 7:15 p.m. | 2 views

CVE-2020-13652

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu...

6.1 CVSS | 6.3 AI score | 0.00775 EPSS
Exploits 0 | References 1

Prion
added 2020/06/15 7:15 p.m. | 10 views

Cross site scripting

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu...

4.3 CVSS | 5.9 AI score | 0.00775 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2020/06/05 10:15 p.m. | 7 views

CVE-2020-11696

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4...

6.1 CVSS | 5.7 AI score
Exploits 0 | References 2