WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Arbitrary Comment Edition via IDOR vulnerability
Arbitrary Comment Edition via IDOR vulnerability discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions <= 1.3.4. Solution: No patched version is available...
WordPress DW Question & Answer plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress DW Question & Answer plugin versions <= 1.5.7. Solution: 21st June 2021 - no fix available...
U.S. General Services Administration: Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer
Hi, Account takeover is possible through CSRF vulnerability at 'Change Security Question/Answer' & ' Change Password'. The endpoints - https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer & https://autochoice.fas.gsa.gov/AutoChoice/changePwOktaAnswer both are vulnerable to CSRF attack...
XSS Vulnerability in WHATSNS System
The WHATSNS system is an open source PHP Q&A system that can quickly build verticalized domains based on your business needs. The WHATSNS system has an XSS vulnerability that can be exploited by attackers to obtain sensitive information...
WordPress Plugin Question Answer Has Multiple Cross-Site Scripting Vulnerabilities
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in WordPress plugin Question Answer v1.2.30, which can be exploited by...
WordPress Question Answer 1.2.30 Cross Site Scripting
Question Answer v1.2.30 WordPress Plugin - Multiple Cross-Site Scripting Vulnerabilities. Exploit Title: Question...
SQL Injection
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter...
JEXTN Question And Answer extension SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other functions. The JEXTN Question And Answer extension is one of its online question and answer plug-ins. A SQL injection vulnerability...
JEXTN Question And Answer, 3.1.0, SQL Injection
WordPress DW Question Answer 1.4.2.2 Cross Site Scripting
FULL DISCLOSURE Product : DW Question Answer Exploit Author : Rahul Pratap Singh Version : 1.4.2.2 Home page Link : https://wordpress.org/plugins/dw-question-answer/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 11/3/2016 XSS Vulnerability:...
WordPress DW Question & Answer Plugin <= 1.4.2.2 - Stored XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
DW Question & Answer <= 1.4.2.2 - Stored Cross-Site Scripting (XSS)
The DW Question & Answer WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability...
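Several Stored XSS Issues in the Latest Version of Tongda OA
Brief description: Several stored XSS issues in the latest version of Tongda OA. Details: Tested version: download Tongda OA 2013 Enhanced Edition, 125MB. Download URL: http://www.tongda2000.com/download/2013adv.php Updated 2013-12-26 13:30. 1. Stored XSS in the post content when posting in the discussion forum. 2. Stored XSS when editing in source-code mode while answering a question in "OA知道" (OA Knows). Proof of vulnerability: img src="https://images.seebug.org/upload...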
SPBAS Business Automation Software 2012 XSS / CSRF
SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://demo.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and last name to john" b Update the...
SPBAS Business Automation Software XSS & CSRF Vulnerability
Exploit for php platform in category web applications SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the...
SPBAS Business Automation Software 2012 - Multiple Vulnerabilities
SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and last name to john" b Update the securi...
OSQA vulnerable to cross-site scripting
Overview: OSQA (The Open Source Q&A system) contains a cross-site scripting vulnerability. OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...