847 matches found
CVE-2018-16778
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field)...
CVE-2018-18717
An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=XSS URI...
fat_free_crm gem XSS vulnerability via query parameter
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in JavaScript execution. This attack appears to be exploitable via Content with JavaScript payload will be executed on e...
CVE-2018-18551
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...
CVE-2018-6643
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter...
CVE-2018-15566
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter...
valeuraddons German Spelling Dictionary Cross-Site Scripting Vulnerability
valeuraddons German Spelling Dictionary is a German spelling dictionary application. The program is mainly used to check German spelling mistakes. A cross-site scripting vulnerability exists in valeuraddons German Spelling Dictionary version 1.3. A remote attacker can exploit this vulnerability t...
peliculas.store XSS vulnerability
Open Bug Bounty ID: OBB-661673

Description | Value
---|---
Affected Website: | peliculas.store
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an SSL Query Parameter Exposure vulnerability
Summary: Multi-Cloud Data Encryption (MDE) has addressed the following query parameter exposure vulnerability. Vulnerability Details: CVEID: CVE-2018-1592. DESCRIPTION: IBM Multi-Cloud Data Encryption (MDE) stores sensitive information in URL parameters. This may lead to information disclosure if...
Splunk Information Disclosure Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze machine-generated data, including data generated by all IT systems and infrastructures (physical, virtual and cloud). A security...
CVE-2018-6409
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC); Date: 02/04/2018; Exploit Author: ManhNho; Vendor Homepage: https://www.iscripts.com; Demo Page: https://www.demo.iscripts.com/sonicbb/demo/; Version: 1.0; Tested on: Windows ...
teibansite.com XSS vulnerability
Open Bug Bounty ID: OBB-563675

Description | Value
---|---
Affected Website: | teibansite.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

CVE-2017-1785
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859...
CVE-2017-1000404
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs...
Cross site scripting
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs...
HackerOne: Query parameter reordering causes redirect page to render unsafe URL
Hello HackerOne team, I want to report I bypass w/c lead to XSS but limited only for IE due to CSP block on Chrome. Here is the POC: https://hackerone.com/redirect?signature=c9304cadaeabca0bfb7b92503c0318da5c42a86b&url=http%3A%2F%2Fbuglabs.me&url=JAVASCRIPT:alert%09document.domain...