6237 matches found
rosholt.k12.wi.us XSS vulnerability
Open Bug Bounty ID: OBB-69727

| Description | Value |
|---|---|
| Affected Website: | rosholt.k12.wi.us |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

lakemills.k12.wi.us XSS vulnerability
Open Bug Bounty ID: OBB-69701

| Description | Value |
|---|---|
| Affected Website: | lakemills.k12.wi.us |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |

PHP pcntl_exec() function security bypass vulnerability
PHP is a general-purpose web programming language. The PHP pcntl_exec() function accepts null values in paths and is vulnerable to a security bypass. A remote attacker can submit special values to bypass security controls on path values...
999gag.com XSS vulnerability
Open Bug Bounty ID: OBB-62244

| Description | Value |
|---|---|
| Affected Website: | 999gag.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention Cheat Sheet... |

CVE-2015-0727
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.70SP11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789...
Concrete5 5.7.3.1 Cross Site Scripting
Information
--------------------
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in Concrete5
Affected Software : Concrete5
Affected Versions: 5.7.3.1 and possibly below
Vendor Homepage : https://www.concrete5.org
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID:...
SonicWall SonicOS cross-site scripting
No description provided...
Unfixed XSS vulnerability at www.maybankard.net
Security researcher SaifuddinAmri submitted on 05/03/2015 a cross-site scripting (XSS) vulnerability affecting www.maybankard.net, which at the time of submission ranked 166631 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/03/2015. It i...
Microsoft SharePoint CVE-2015-1640 Cross Site Scripting Vulnerability
Description: Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
CVE-2015-2933
Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...
CVE-2015-2275
WoltLab Community Gallery 2.0 (pre-12/26/2014) is affected by a stored XSS via parameters[data][7][title] in the saveImageData action to index.php/AJAXProxy. The vulnerability enables arbitrary script/HTML injection and is documented with a PoC and public references. Fixed in Community Gallery 2....
CVE-2015-1632
The CVE-2015-1632 issue is a Cross-site scripting vulnerability in Outlook Web App (OWA) errorfe.aspx of Microsoft Exchange Server 2013 SP1 and Cumulative Update 7, exploitable via the msgParam parameter in an authError action. The root cause is improper sanitization of error messages in OWA, ena...
CVE-2015-1176-xss-osticket
Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in osTicket Ticket system
Affected Software : osTicket
Affected Versions: 1.9.4 and possibly below
Vendor Homepage : http://osticket.com/
Vulnerability Type : Cross-site Scripting...
CVE-2014-7881
Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Wordpress Email newsletter 20.9 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications
Exploit Title : Wordpress Email newsletter 20.9 Cross Site Scripting
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : https://wordpress.org/plugins/email-newsletter/
Software Link :...
Cross-site scripting vulnerability
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. Ref 64563. This vulnerability has been assigned CVE-2014-3764. This issue affects the management interface of the device, whe...
PT-2016-02: Cross-Site Scripting in Advantech WebAccess
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in Advantech WebAccess. A Cross-site scripting (XSS) vulnerability exists in Advantech WebAccess before 8.1 when the web server does not properly filter user input, which allows remote authenticated...
Server: CSRF in "bookmarks" application
Because the CSRF token was not verified on the import functionality of the "bookmarks" application, it was vulnerable to CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...
CVE-2014-8578
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...