194 matches found

Positive Technologies
added 2020/05/19 12:0 a.m. · 3 views

PT-2020-6926 · Jquery +5 · Jquery +5

Name of the Vulnerable Software and Affected Versions: jquery versions prior to 1.9.0 Description: The issue allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed...

6.9 CVSS · 6.6 AI score · 0.3466 EPSS
Exploits 10 · References 77
OSV
added 2020/04/01 9:15 p.m. · 2 views

CVE-2020-8966

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments scripts into a legitimate web page...

6.1 CVSS · 6.4 AI score · 0.00311 EPSS
Exploits 0 · References 2
exploitpack
added 2020/01/06 12:0 a.m. · 16 views

RemShutdown 2.9.0.0 - Name Denial of Service (PoC)

RemShutdown 2.9.0.0 - Name Denial of Service PoC Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested o...

7.3 AI score
Exploits 0
BDU FSTEC
added 2019/05/31 12:0 a.m. · 0 views

The vulnerability of the Enterprise Resource Management System “Galaktika ERP” relates to insufficient protection of the website structure, allowing attackers to execute arbitrary JavaScript code in the browser of the connected client.

The vulnerability of the component that allows sending messages to connected users in the enterprise resource management system Galaktika ERP is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript...

5.4 CVSS · 5.8 AI score
Exploits 0 · Affected Software 1
CNVD
added 2018/09/14 12:0 a.m. · 1 views

Pluck Cross-Site Scripting Vulnerability

Pluck is a simple content management system CMS written in PHP. A cross-site scripting vulnerability exists in Pluck version 4.7.7, which can be exploited by remote attackers to execute scripts via SVG files with Javascript code in the SCRIPT element...

5.4 CVSS · 5.5 AI score · 0.00236 EPSS
Exploits 1 · References 1
Exploit DB
added 2017/03/11 12:0 a.m. · 29 views

Yellow Pages Script 3.2 - 'category_id' SQL Injection

Exploit Title: Yellow Pages Script v3.2 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/yellow-pages-script/ Demo: http://demo.phpjabbers.com/index.php?demo=yps&front=1&lid=1 Version: 3.2 Tested on: Win7 x64, Kali...

7.4 AI score
Exploits 0
myhack58
added 2015/05/18 12:0 a.m. · 19 views

The system allows the upload of the xml file may lead to xss-vulnerability warning-the black bar safety net

The xml file may contain an xml-stylesheet tag, which is used to specify an xsl file that formats and outputs the xml file. During xsl output, any html code can be emitted, including the script tag... so an alert can be popped. However, the xml formatted script permissions is relatively small, ma...

7.2 AI score
Exploits 0
RedHat Linux
added 2015/03/11 4:51 p.m. · 1 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

4.3 CVSS · 7.5 AI score · 0.02316 EPSS
Exploits 0 · References 5
seebug.org
added 2014/07/01 12:0 a.m. · 10 views

Check Point Software Firewall-1 3.0 Script Tag Checking Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/954/info Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. This alteration invalidates the tag, rendering the script unexecutable by the browser. In version 3,...

7.1 AI score
Exploits 0
Drupal
added 2012/06/06 12:0 a.m. · 19 views

SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)

This module creates an input format suitable for use within a WYSIWYG editor. It adds support for the iframe HTML tag, making it friendly with the popular iframe embeds available in popular video sites like YouTube and Vimeo. It supports the script tag too. Both tags will only be allowed if the...

3.5 CVSS · 6.1 AI score · 0.0048 EPSS
Exploits 1 · References 10
Saint
added 2010/03/09 12:0 a.m. · 30 views

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...

0.1 AI score
Exploits 0
Prion
added 2009/04/01 10:30 a.m. · 24 views

Stack overflow

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute...

9.3 CVSS · 8.6 AI score · 0.28792 EPSS
Exploits 2 · References 6 · Affected Software 1
UbuntuCve
added 2009/04/01 10:30 a.m. · 22 views

CVE-2009-1209

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute...

9.3 CVSS · 6.4 AI score · 0.28792 EPSS
Exploits 2 · References 1
Cvelist
added 2009/04/01 10:0 a.m. · 22 views

CVE-2009-1209

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute...

8 AI score · 0.28792 EPSS
Exploits 2 · References 6
Tenable Nessus
added 2007/10/17 12:0 a.m. · 24 views

openSUSE 10 Security Update : qt (qt-3050)

qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror CVE-2007-0242. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

4.3 CVSS · 5.3 AI score · 0.02172 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2007/10/17 12:0 a.m. · 26 views

openSUSE 10 Security Update : libqt4 (libqt4-3056)

qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror CVE-2007-0242. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

4.3 CVSS · 5.3 AI score · 0.02172 EPSS
Exploits 0 · References 1
Positive Technologies
added 2007/04/30 12:0 a.m. · 2 views

PT-2007-3714 · Mochikit · Mochikit

Name of the Vulnerable Software and Affected Versions: MochiKit framework affected versions not specified Description: The issue allows remote attackers to obtain data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

5 CVSS · 6.1 AI score · 0.00306 EPSS
Exploits 0 · References 3
Positive Technologies
added 2007/04/30 12:0 a.m. · 3 views

PT-2007-3716 · Prototype · Prototypejs

Name of the Vulnerable Software and Affected Versions: prototypejs versions prior to 1.5.1 RC3 Description: The issue allows remote attackers to obtain data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript...

5 CVSS · 6.2 AI score · 0.00262 EPSS
Exploits 0 · References 9
Positive Technologies
added 2007/04/30 12:0 a.m. · 2 views

PT-2007-3715 · Moo.Fx · Moo.Fx

Name of the Vulnerable Software and Affected Versions: Moo.fx framework affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This is achieved through a we...

5 CVSS · 6.2 AI score · 0.00306 EPSS
Exploits 0 · References 3
Positive Technologies
added 2007/04/30 12:0 a.m. · 3 views

PT-2007-3713 · Microsoft · Atlas

Name of the Vulnerable Software and Affected Versions: Microsoft Atlas framework affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This can be achieved...

5 CVSS · 6.2 AI score · 0.21372 EPSS
Exploits 0 · References 3