1035 matches found
ncca.ir XSS vulnerability
Vulnerable URL: http://ncca.ir/users/signup.php?utype=admin" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6418046 VIP website status:| No Check ncca.ir SSL connection:| Grade: A Coordinated Disclosure Timeline...
neconf.ir XSS vulnerability
Vulnerable URL: http://www.neconf.ir/users/signup.php?utype=admin" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 12527931 VIP website status:| No Check neconf.ir SSL connection:|...
mdconf.ir XSS vulnerability
Vulnerable URL: http://mdconf.ir/users/signup.php?utype=admin" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3390821 VIP website status:| No Check mdconf.ir SSL connection:| Grade...
webhr.co XSS vulnerability
Vulnerable URL: https://webhr.co/signup.php?package=Basica75iy"...
frontendmasters.com XSS vulnerability
Vulnerable URL: https://frontendmasters.com/signup/confirmed/?email=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E%22=%22%3E%3Cimg%20src=x%20onerror=prompt%28/OPENBUGBOUNTY/%29%3E%22 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability...
weibo.com XSS vulnerability
Open Bug Bounty ID: OBB-166991 Description| Value ---|--- Affected Website:| weibo.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
ck12.org XSS vulnerability
Vulnerable URL: https://www.ck12.org/auth/signup/student?requestor='-alert'OPENBUGBOUNTY'-' Details: Description| Value ---|--- Patched:| Yes, at 21.03.2017 Latest check for patch:| 21.03.2017 22:47 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5833 VIP websit...
Keybase: Register multiple users using one invitation (race condition)
Hi, it is possible to create multiple accounts using a single invitationid due to a race condition bug in //api/1.0/signup.json. I have successfully created 8 accounts using the invitation with id = 37c5a121adf23e90b875500d. The account usernames: novijosiptest1,2,4,5,6,8,9,10. You can delete them, I...
gemselect.com XSS vulnerability
Vulnerable URL: https://www.gemselect.com/account/accsignup.php?sessid=" Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 10:09 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 50974 VIP website status:| No Chec...
XuezhuLi FileSharing Cross Site Request Forgery
document.forms.csrfpoc.submit; cat /srv/userlists.txt aaaa csrftest --...
Uber: Bulk UUID enumeration via invite codes
It is possible to enumerate UUIDs via invite code. During signup, if we enter an invite code, the create request's response contains inviteruuid. As invite codes are public, an attacker can easily enumerate UUIDs in bulk. Here is a sample request: POST /signup/clients/create HTTP/1.1 X-Uber-RedirectCount...
wheniwork.com XSS vulnerability
Open Bug Bounty ID: OBB-157786 Description| Value ---|--- Affected Website:| wheniwork.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...
interpals.net XSS vulnerability
Vulnerable URL: https://www.interpals.net/async/signup.php?step=1"XSSOPENBUGBOUNTY...
avsforum.com XSS vulnerability
Vulnerable URL: http://www.avsforum.com/wordpress/newsletter/signup-error.php?error=Invalid%20email:%20%3Cscript%3Ealert%28%22xssposed%22%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 09:11 GMT Vulnerability type:| XSS...
New Relic: Password disclosure during signup process
New Relic provides users the option to register new accounts. It was observed that during the new account creation process, the user's password is displayed in clear text in the response. This leads to disclosure of passwords. There may be another issue here that users' passwords are not stored in hashed...
osmoseproductions.com XSS vulnerability
Vulnerable URL: http://www.osmoseproductions.com/signup/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 617588 Google Pagerank| 3 VIP website status:| No Check osmoseproductions.co...
New Relic: Reflected XSS on Signup Page
Hello Team, I have found a reflected XSS on Signup Page i.e. on https://newrelic.com/signup. Please find the below details. Vulnerable URL: https://newrelic.com/signup Vulnerable Field: Your Email Address Vulnerable Parameter: email Parameter Type: POST Payload used: Browser used: Mozilla Firefox...
New Relic: A Signup page does not properly validate the authenticity token at the server side.
Description: POST /signups HTTP/1.1 Host: newrelic.com User-Agent: Mozilla/5.0 Windows NT 6.2; rv:43.0 Gecko/20100101 Firefox/43.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-NewRelic-ID: VQQHU1RbARABVlNWAgAGUA== X-CSRF-Token: Content-Type:...
Updated ruby-mail packages fix security vulnerability
The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...
patternmart.com XSS vulnerability
Vulnerable URL: http://www.patternmart.com/signupform.php?acode=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1015427 Google Pagerank...