556 matches found
TYPO3 Formhandler 2.4.0 Cross Site Scripting
Advisory: Cross-Site Scripting in TYPO3 Formhandler Extension RedTeam Pentesting discovered a cross-site scripting vulnerability (XSS) in the TYPO3 extension Formhandler. Details ======= Product: TYPO3 Formhandler Affected Versions: 2.4.0 and probably earlier Fixed Versions: none, project no longer...
Grab: [parcel.grab.com] DOM XSS at /assets/bower_components/lodash/perf/
Summary: DOM Based XSS or as it is called in some texts, “type-0 XSS” is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner...
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to...
Cross site scripting
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS...
Newsletter by Supsystic - Authenticated Stored XSS & CSRF
Despite what the original advisory states, the affected POST parameter is "label". The CSRF issue was fixed in version 1.1.8, however, the Plugin still did not validate or output encode the "label" parameter...
Mail.ru: Reflected XSS on frag.mail.ru
Domain, site, application The "frag.mail.ru" is affected by a reflected XSS vulnerability on the "/user/register/" handler. Testing environment The exploitation of the issue has been tested on the latest version at the time of writing of Firefox: 52.0.1 both 32 and 64 bit on Sierra and Windows 7...
WordPress Magic Fields 1 1.7.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016...
WordPress Magic Fields 1 1.7.1 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ----------------------------------------------------------------------...
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities...
Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery
Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability...
Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No...
WordPress Google Maps 6.3.14 Cross Site Request Forgery
------------------------------------------------------------------------ Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF ------------------------------------------------------------------------ Sipke Mellema, July 2016...
Limny 2.2 Expression Language Injection
======================================================================== | Title : limny 2.2 Expression language injection vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : 2.2 | Vendor : http://www.limny.org/ | Dork : n/a...
GoDaddy Patches Blind XSS Vulnerability
Domain registrar GoDaddy fixed a vulnerability affecting systems used by its customer support agents that could have been abused to take over, modify or delete accounts. Researcher Matthew Bryant said that a riff on a cross-site scripting attack called a blind XSS was to blame. A GoDaddy customer...
WordPress SiteMile Project 2.0.9.5 Theme - Multiple Vulnerabilities
Exploit for php platform in category web applications Wordpress ProjectTheme Multiple Vulnerabilities - - ------------------------------------------------------------ Affected Version ================ Project Theme: 2.0.9.5 Problem Overview ================ Technical Risk: high Likelihood of...
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === LSE Leading Security Experts GmbH - Security Advisory 2016-01-01 === Wordpress ProjectTheme Multiple Vulnerabilities - -...
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === LSE Leading Security Experts GmbH - Security Advisory 2016-01-01 === Wordpress ProjectTheme Multiple Vulnerabilities - - ------------------------------------------------------------ Affected Version ================ Project Theme: 2.0.9.5 Proble...
Redaxo CMS 5.0.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor: https://www.redaxo.org/ Tested version...
Redaxo CMS 5.0.0 Cross Site Scripting / SQL Injection
=== LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor:...
[CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12
============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) Solution...