
7654 matches found

wpexploit
added 2015/04/29 12:0 a.m., 40 views

White Label CMS <= 1.5.2 - Stored XSS

Due to a lack of CSRF protection, and lack of sanitization of user input, it is possible to trigger a Persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...

0.3 AI score
Exploits: 0, References: 1
Packet Storm
added 2015/04/28 12:0 a.m., 48 views

Untangle Cross Site Scripting / Information Disclosure

This is a follow-up to an earlier post, highlighting an XSS and information disclosure vulnerability in versions of Untangle 9-11. The previous post is shown in full below this post. Additional un-patched vectors have been discovered that allow for these issues to be exploited with increased...

7.4 AI score
Exploits: 0
exploitpack
added 2015/04/27 12:0 a.m., 37 views

OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting

OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting Exploit Title: Stored Cross-Site Scripting XSS in OTRS Date: 28.01.2014 Exploit Author: Adam Ziaja http://adamziaja.com Vendor Homepage: https://www.otrs.com Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 CVE :...

4.3 CVSS, 8.3 AI score, 0.04913 EPSS
Exploits: 5
exploitpack
added 2015/04/27 12:0 a.m., 13 views

WordPress 4.2 - Persistent Cross-Site Scripting

WordPress 4.2 - Persistent Cross-Site Scripting Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If...

6.8 AI score
Exploits: 0
Exploit DB
added 2015/04/27 12:0 a.m., 54 views

OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting

Exploit Title: Stored Cross-Site Scripting XSS in OTRS Date: 28.01.2014 Exploit Author: Adam Ziaja http://adamziaja.com Vendor Homepage: https://www.otrs.com Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 CVE : CVE-2014-1695 !/usr/bin/perl -w use strict; use MIME::Lite;...

4.3 CVSS, 9 AI score, 0.04913 EPSS
Exploits: 5
Exploit DB
added 2015/04/27 12:0 a.m., 52 views

WordPress Core 4.2 - Persistent Cross-Site Scripting

Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/04/24 12:0 a.m., 24 views

Xoops CMS 2.5.7.1 Cross Site Scripting

Hi Team, Affected Vendor: http://www.xoops.org/ Date: 24/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Xoops CMS Version: 2.5.7.1 Tested Link:...

0.1 AI score
Exploits: 0
Vulnerability Lab
added 2015/04/23 12:0 a.m., 26 views

SevDesk v1.1 iOS - Persistent Dashboard Vulnerability

Document Title: =============== SevDesk v1.1 iOS - Persistent Dashboard Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1311 Release Date: ============= 2015-04-23 Vulnerability Laboratory ID VL-ID: ==================================== 1311...

7.1 AI score
Exploits: 0
Packet Storm
added 2015/04/23 12:0 a.m., 35 views

Pligg CMS 2.0.2 Cross Site Scripting

Hi Team, Affected Vendor: http://pligg.com/ Date: 23/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Pligg CMS Version: 2.0.2 Tested Link: http://localhost/pligg/admin/adminpage.php Description: Pligg CMS is a content management...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/04/23 12:0 a.m., 61 views

Socrata Online Service Script Insertion

Document Title: =============== Socrata Bug Bounty 1 - Persistent Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1438 Release Date: ============= 2015-04-22 Vulnerability Laboratory ID VL-ID: ====================================...

Exploits: 0
Vulnerability Lab
added 2015/04/22 12:0 a.m., 53 views

Socrata Bug Bounty #1 - Persistent Encoding Vulnerability

Document Title: =============== Socrata Bug Bounty 1 - Persistent Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1438 Release Date: ============= 2015-04-22 Vulnerability Laboratory ID VL-ID: ====================================...

7.1 AI score
Exploits: 0
Packet Storm
added 2015/04/22 12:0 a.m., 35 views

HomeAdvisor Filter Bypass / Script Insertion

Document Title: =============== HomeAdvisor Bug Bounty 1 - Filter Bypass & Client Side Exception Handling Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1452 Release Date: ============= 2015-04-21 Vulnerability Laboratory ID VL-ID:...

0.8 AI score
Exploits: 0
Vulnerability Lab
added 2015/04/22 12:0 a.m., 26 views

SevDesk v1.1 iOS - Persistent Dashboard Vulnerability

Document Title: =============== SevDesk v1.1 iOS - Persistent Dashboard Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1311 Release Date: ============= 2015-04-22 Vulnerability Laboratory ID VL-ID: ==================================== 1311...

7.4 AI score
Exploits: 0
Vulnerability Lab
added 2015/04/22 12:0 a.m., 46 views

Socrata Bug Bounty #1 - Persistent Encoding Vulnerability

Document Title: =============== Socrata Bug Bounty 1 - Persistent Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1438 Release Date: ============= 2015-04-22 Vulnerability Laboratory ID VL-ID: ====================================...

7.1 AI score
Exploits: 0
Packet Storm
added 2015/04/21 12:0 a.m., 33 views

SevenIT SevDesk 3.10 Cross Site Scripting

Document Title: =============== SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1314 Release Date: ============= 2015-03-23 Vulnerability Laboratory ID VL-ID: ==================================== 1314...

7.4 AI score
Exploits: 0
Vulnerability Lab
added 2015/04/21 12:0 a.m., 38 views

iPassword Manager v2.6 iOS - Persistent Vulnerabilities

Document Title: =============== iPassword Manager v2.6 iOS - Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1453 Release Date: ============= 2015-04-21 Vulnerability Laboratory ID VL-ID: ==================================== 14...

7.1 AI score
Exploits: 0
Packet Storm
added 2015/04/21 12:0 a.m., 91 views

Ebay Magento CMS / API Cross Site Scripting

Document Title: =============== Ebay Inc Xcom 6 - Persistent POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1227 Release Date: ============= 2015-03-24 Vulnerability Laboratory ID VL-ID: ==================================== 122...

Exploits: 0
Exploit DB
added 2015/04/21 12:0 a.m., 37 views

SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities

Document Title: =============== SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1314 Release Date: ============= 2015-03-23 Vulnerability Laboratory ID VL-ID: ==================================== 1314...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/04/21 12:0 a.m., 78 views

Ebay Xcom Item Preview Cross Site Scripting

Document Title: =============== Ebay Inc Xcom 4 - Item Preview Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1215 Release Date: ============= 2015-03-23 Vulnerability Laboratory ID VL-ID: ==================================== 12...

0.1 AI score
Exploits: 0
Tenable Nessus
added 2015/04/15 12:0 a.m., 33 views

Juniper Junos SRX Series 'log-out-on-disconnect' Persistent Admin Access (JSA10672)

According to its self-reported version number, the remote Juniper Junos SRX series device is affected by an administrative access vulnerability due to a flaw in the 'log-out-on-disconnect' feature after a reboot. This can allow an attacker with physical access to the device to gain administrative...

6.9 CVSS, 5.4 AI score, 0.00368 EPSS
Exploits: 0, References: 2