118 matches found

NVD
added 2021/06/04 9:15 p.m., 32 views

CVE-2021-32641

auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...

CVSS 8.1, EPSS 0.01539
Exploits: 1, References: 3

Prion
added 2021/06/04 9:15 p.m., 15 views

Design/Logic Flaw

auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...

CVSS 4.3, AI score 6.6, EPSS 0.01539
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2021/06/04 9:10 p.m., 98 views

CVE-2021-32641

CVE-2021-32641 affects Auth0-lock (Auth0’s signin solution). Versions up to and including 11.30.0 are vulnerable to a reflected XSS when user input from URL parameters is injected into the library’s flashMessage or languageDictionary features. The issue is addressed in version 11.30.1, which patc...

CVSS 8.1, AI score 6.9, EPSS 0.01539
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2021/02/01 6:15 p.m., 3 views

CVE-2020-21179

SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page...

CVSS 9.8, AI score 7.4, EPSS 0.01345
Exploits: 1, References: 1

Prion
added 2021/02/01 6:15 p.m., 10 views

SQL injection

SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page...

CVSS 7.5, AI score 9.6, EPSS 0.01345
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2020/07/14 8:15 p.m., 2 views

CVE-2019-12783

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site,...

CVSS 6.1, AI score 6.7, EPSS 0.00862
Exploits: 2, References: 2

OSV
added 2020/07/14 8:15 p.m., 2 views

CVE-2019-12784

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and...

CVSS 8.8, AI score 6.7, EPSS 0.00862
Exploits: 2, References: 2

Microsoft KB
added 2020/04/09 12:00 a.m., 3 views

March 8, 2016, update for Office 2016 (KB3114705)

This article describes update KB3114705 for Microsoft Office 2016, which was released on March 8, 2016. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based edition o...

AI score 6
Exploits: 0

Exploit DB
added 2018/11/02 12:00 a.m., 32 views

Jelastic 5.4 - 'host' SQL Injection

Exploit Title: Jelastic 5.4 - 'host' SQL injection
Google Dork: N/A
Date: date
Exploit Author: Procode701
Vendor Homepage: https://jelastic.com/
Software Link: https://jelastic.com/
Version: 5.4
Tested on: Kali Linux
CVE: N/A
POC: The application /1.0/users/authentication/rest/signin is vulnerab...

AI score 7.4
Exploits: 0

CNVD
added 2018/10/24 12:00 a.m., 4 views

Mitel ST 14.2 Cross-Site Scripting Vulnerability

Mitel ST is a video conferencing product from Mitel Canada. conferencing is one of the teleconferencing components. A cross-site scripting vulnerability exists in the conferencing component of Mitel ST 14.2 GA29 19.49.9400.0 and prior versions, which stems from the program failing to adequately...

CVSS 6.1, AI score 6.3, EPSS 0.01124
Exploits: 0, References: 1

OSV
added 2018/10/23 9:30 p.m., 1 view

CVE-2018-12901

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...

CVSS 6.1, AI score 5.9, EPSS 0.01124
Exploits: 0, References: 1

Cvelist
added 2018/10/23 9:00 p.m., 23 views

CVE-2018-12901

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...

AI score 6.2, EPSS 0.01124
Exploits: 0, References: 1

CNVD
added 2018/04/26 12:00 a.m., 2 views

Mitel MiVoice Connect Cross-Site Scripting Vulnerability (CNVD-2018-08581)

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada. Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance. ST is a videoconferencing product. conferencing is one of the notification components. conferencing is one of the conference notificatio...

CVSS 6.1, AI score 6.6, EPSS 0.01052
Exploits: 0, References: 1

OSV
added 2018/04/25 8:29 p.m., 3 views

CVE-2018-9103

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...

CVSS 6.1, AI score 5.9
Exploits: 0, References: 2

ATTACKERKB
added 2018/04/25 8:29 p.m., 5 views

CVE-2018-9103

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...

CVSS 6.1, AI score 5.5, EPSS 0.01052
Exploits: 0, References: 3

Openbugbounty
added 2018/03/07 3:04 a.m., 10 views

shopbop.com XSS vulnerability

Open Bug Bounty ID: OBB-575459

Description| Value
---|---
Affected Website:| shopbop.com
Open Bug Bounty Program:| Not created yet
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure...

AI score 6.4
Exploits: 0

Openbugbounty
added 2018/01/19 8:50 p.m., 59 views

davidoff.menshealth.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-533357

Description| Value
---|---
Affected Website:| davidoff.menshealth.co.uk
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

AI score 6.3
Exploits: 0

Openbugbounty
added 2016/12/04 1:53 p.m., 11 views

smashbox.com XSS vulnerability

Vulnerable URL: https://www.smashbox.com/account/signin.tmpl?SUBMIT="%3E%3Csvg onload = promptOPENBUGBOUNTY%0A \

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 92904
VIP website status:| No

Check smashbox.com SS...

AI score 6.3
Exploits: 0

OSV
added 2016/09/18 10:59 p.m., 1 view

CVE-2016-4740

Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors...

CVSS 2.9, AI score 5.8, EPSS 0.00312
Exploits: 0, References: 5

Openbugbounty
added 2016/08/30 6:30 p.m., 8 views

varecha.com XSS vulnerability

Vulnerable URL: http://www.varecha.com/fb/signin.php?w=Basica75iy%22%3E%3Cscript%3Ealert/OPENBUGBOUNTY/%3C/script%3Etar6b

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / N...

AI score 6.3
Exploits: 0