7657 matches found
Cross site scripting
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...
Xenforo Forum CMS 1.5.13 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications +---------------------------------------------------------+ | Vulnerable Software: Xenforo Forum CMS | | Vendor: http://xenforo.com | | Vulnerability Type: Persistent XSS authenticated | | Date Released: 07/04/2017 | | Released by: MLT |...
Keybase: Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template
Issue Keybase allows you to see other users' sigchains by navigating to /sigchain. The "Payload" field containing JSON related to the chainlink on the right side of the page is not correctly escaped during templating, leading to a persistent XSS as users have a high degree of control over the...
Unidesk Recipe for NP Desktop Logon Time Optimization v3
One very popular use case for VDI is for kiosk or lab machines. Uses for these types of desktops include classroom labs, library access and general computing in schools and corporations. Architects and Administrators of these types of use cases generally want to be able to define default...
Cross site scripting
Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting XSS in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...
Pornhub: Stored XSS in the any user profile using website link
The researcher discovered a stored XSS in the Website field of a user's profile page. I discovered Stored XSS attack vector in the user profile page using Website field. A similar bug was fixed several months ago i got a Duplicate in that time, but after some time I checked this again, and... the...
Composr CMS v10.0.0 XSS Vulnerability
Composr CMS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:composr:cms";...
Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload
Technical Details & Description: ================================ The security risk of the xss vulnerability is estimated as medium with a common vulnerability scoring system count of 3.6. Exploitation of the persistent xss web vulnerability requires a limited editor user account with low...
Evolution Script CMS 5.3 Cross Site Scripting
Document Title: =============== Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2075 Release Date: ============= 2017-06-07 Vulnerability Laboratory ID VL-ID:...
Craft CMS 2.6 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip...
Composr CMS v10.0.0 - Cross Site Scripting Vulnerability
Document Title: =============== Composr CMS v10.0.0 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2066 Release Date: ============= 2017-06-08 Vulnerability Laboratory ID VL-ID: ====================================...
Craft CMS 2.6 - Cross-Site Scripting
Craft CMS 2.6 - Cross-Site Scripting Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip Version: 2.6 Teste...
Craft CMS 2.6 - Cross-Site Scripting
Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip Version: 2.6 Tested on: Kali Linux 2.0 | Windows 8.1...
Hard-coded Passwords Make Hacking Foscam ‘IP Cameras’ Much Easier
Security researchers have discovered over a dozen of vulnerabilities in tens of thousands of web-connected cameras that can not be protected just by changing their default credentials. Vulnerabilities found in two models of IP cameras from China-based manufacturer Foscam allow attackers to take...
Craft CMS 2.6 Cross Site Scripting / File Upload
Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip Version: 2.6 Tested on: Kali Linux 2.0 | Windows 8.1...
Subsonic Cross-Site Scripting Vulnerability
Subsonic is a media streaming server that allows users to save music or collect videos on the server. Subsonic suffers from a cross-site scripting vulnerability. A remote attacker could use this vulnerability to persistently inject arbitrary web script or HTML via the name of an uploaded image...
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4...
Composr CMS v10.0.0 - Cross Site Scripting Vulnerability
Document Title: =============== Composr CMS v10.0.0 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2066 Release Date: ============= 2017-06-07 Vulnerability Laboratory ID VL-ID: ====================================...
GravCMS Core 1.4.2 Cross Site Scripting
Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4.2 Tested on: Kali Linux 2.0 | Windows 8.1 Email:...
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4.2...