
7660 matches found

NVD
added 2017/12/21 4:29 a.m., 11 views

CVE-2017-17826

The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...

CVSS 6.1, AI score 6, EPSS 0.00683
Exploits: 1, References: 1

OSV
added 2017/12/21 4:29 a.m., 21 views

CVE-2017-17825

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...

CVSS 4.8, AI score 5.2
Exploits: 0, References: 1

OSV
added 2017/12/21 4:29 a.m., 13 views

CVE-2017-17826

The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...

CVSS 6.1, AI score 6.2
Exploits: 0, References: 1

Cvelist
added 2017/12/21 4:0 a.m., 21 views

CVE-2017-17825

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.php?page=batchmanager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it...

AI score 5.8, EPSS 0.0054
Exploits: 1, References: 1

CVE
added 2017/12/21 4:0 a.m., 50 views

CVE-2017-17825

The CVE-2017-17825 entry affects Piwigo 2.9.2, specifically the Batch Manager component. The vulnerability is a Persistent Cross-Site Scripting (stored XSS) triggered by tags-* array parameters in the admin.php?page=batch_manager&mode=unit request, which can allow an attacker to hijack a user’s b...

CVSS 4.8, AI score 5.2, EPSS 0.0054
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/12/21 4:0 a.m., 17 views

CVE-2017-17826

The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...

AI score 6.6, EPSS 0.00683
Exploits: 1, References: 1

OSV
added 2017/12/20 10:29 p.m., 4 views

CVE-2017-5256

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting XSS injection...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1

Malwarebytes
added 2017/12/20 4:29 p.m., 11 views

Tech support scammers make browser lockers more resilient

Tech support scammers have been relying on fraudulent pop-ups for many years in order to scare potential victims into calling for remote assistance. These so-called browser lockers or browlocks typically originate from malicious ads malvertising that can appear on any website, including trusted...

AI score 7.1
Exploits: 0

0day.today
added 2017/12/20 12:0 a.m., 50 views

Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit

Exploit for multiple platform in category web applications Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact:...

CVSS 4.3, AI score 6.4, EPSS 0.01383
Exploits: 5

exploitpack
added 2017/12/20 12:0 a.m., 24 views

Ability Mail Server 3.3.2 - Cross-Site Scripting

Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...

CVSS 4.3, AI score 6.1, EPSS 0.01383
Exploits: 5

Exploit DB
added 2017/12/20 12:0 a.m., 43 views

Ability Mail Server 3.3.2 - Cross-Site Scripting

Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.codecrafters.com...

CVSS 6.1, AI score 6.3, EPSS 0.01383
Exploits: 5

Mozilla
added 2017/12/07 12:0 a.m., 501 views

Security vulnerabilities fixed in Firefox ESR 52.5.2 — Mozilla

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...

CVSS 9.3, AI score 4.3, EPSS 0.03215
Exploits: 1, References: 2, Affected Software: 1

0day.today
added 2017/12/06 12:0 a.m., 19 views

FS IMDB Clone - XSS REFLECTED/PERSISTENT Vulnerabilties

Exploit for php platform in category web applications Exploit Title: FS IMDB Clone - XSS REFLECTED/PERSISTENT Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/imdb-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PAYLOAD...

AI score 7.1
Exploits: 0

RedhatCVE
added 2017/12/04 11:35 p.m., 23 views

CVE-2017-7843

A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely...

CVSS 7.5, AI score 4, EPSS 0.02989
Exploits: 1, References: 2

Packet Storm
added 2017/12/01 12:0 a.m., 49 views

MistServer 2.12 Cross Site Scripting

Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product: =========== MistServer v2.12 MistServer...

AI score 6.4, EPSS 0.04327
Exploits: 5

exploitpack
added 2017/12/01 12:0 a.m., 42 views

MistServer 2.12 - Cross-Site Scripting

MistServer 2.12 - Cross-Site Scripting + Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product:...

CVSS 4.3, AI score 0.3, EPSS 0.04327
Exploits: 5

Exploit DB
added 2017/12/01 12:0 a.m., 80 views

MistServer 2.12 - Cross-Site Scripting

Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt + ISR: ApparitionSec Vendor: ============= mistserver.org Product: =========== MistServer v2.12 MistServer...

CVSS 6.1, AI score 6.3, EPSS 0.04327
Exploits: 5

Hacker One
added 2017/11/16 8:44 a.m., 21 views

Infogram: Persistent XSS in share button

Persistent XSS in "Share" button was found: 1. In custom link field for "Share" button add: ". 2. Share the infographic publicly, navigate to its public URL and click the "Share" button. 3. See that pop-up window activates...

AI score 6.3
Exploits: 0

OSV
added 2017/11/15 9:29 p.m., 2 views

UBUNTU-CVE-2017-5532

A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy...

CVSS 5.4, AI score 5.7, EPSS 0.00687
Exploits: 0, References: 3

Prion
added 2017/11/10 11:29 p.m., 14 views

Cross site scripting

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

CVSS 4.3, AI score 6.2, EPSS 0.00772
Exploits: 0, References: 1, Affected Software: 1