7660 matches found
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17825
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17825
The CVE-2017-17825 entry affects Piwigo 2.9.2, specifically the Batch Manager component. The vulnerability is a Persistent Cross-Site Scripting (stored XSS) triggered by tags-* array parameters in the admin.php?page=batch_manager&mode=unit request, which can allow an attacker to hijack a user’s b...
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-5256
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting XSS injection...
Tech support scammers make browser lockers more resilient
Tech support scammers have been relying on fraudulent pop-ups for many years in order to scare potential victims into calling for remote assistance. These so-called browser lockers or browlocks typically originate from malicious ads malvertising that can appear on any website, including trusted...
Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit
Exploit for multiple platform in category web applications Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact:...
Ability Mail Server 3.3.2 - Cross-Site Scripting
Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...
Ability Mail Server 3.3.2 - Cross-Site Scripting
Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.codecrafters.com...
Security vulnerabilities fixed in Firefox ESR 52.5.2 — Mozilla
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...
FS IMDB Clone - XSS REFLECTED/PERSISTENT Vulnerabilties
Exploit for php platform in category web applications Exploit Title: FS IMDB Clone - XSS REFLECTED/PERSISTENT Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/imdb-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PAYLOAD...
CVE-2017-7843
A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely...
MistServer 2.12 Cross Site Scripting
Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product: =========== MistServer v2.12 MistServer...
MistServer 2.12 - Cross-Site Scripting
MistServer 2.12 - Cross-Site Scripting + Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product:...
MistServer 2.12 - Cross-Site Scripting
Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product: =========== MistServer v2.12 MistServer...
Infogram: Persistent XSS in share button
Persistent XSS in "Share" button was found: 1. In custom link field for "Share" button add: ". 2. Share the infographic publicly, navigate to its public URL and click the "Share" button. 3. See that pop-up window activates...
UBUNTU-CVE-2017-5532
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy...
Cross site scripting
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...