7660 matches found
CVE-2017-16782
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
CVE-2017-16782
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
CVE-2017-16782
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
CVE-2017-16568
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...
CVE-2017-16567
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...
Design/Logic Flaw
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server...
Logitech Media Server 7.9.0 Cross Site Scripting
Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...
Logitech Media Server Multiple Persistent XSS Vulnerabilities
Logitech Media Server is prone to multiple stored cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
Cross site scripting
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, CVE-2017-16636 describes a persistent XSS in the new page, new category, and edit post function body message context. An attacker can bypass basic editor validation to inject scripts via an unrecognized editor tag, with the GET method and a follow-up POST to persist t...
Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux...
Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available...
Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting
Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0...
Logitech Media Server 7.9.0 - favorites Cross-Site Scripting
Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available...
Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...
Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied For. POC: 1. Access and go to the Radio URL...
TinyWebGallery v2.4 (TWGE) - Persistent XSS Vulnerability
Document Title: =============== TinyWebGallery v2.4 TWGE - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1997 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16635...