237 matches found
DEBIAN-CVE-2019-12095
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...
CVE-2018-19644
Reflected cross-site script issue in Micro Focus Solutions Business Manager (SBM), formerly Serena Business Manager (SBM), versions prior to 11.5...
CVE-2018-19644 Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5
Reflected cross-site script issue in Micro Focus Solutions Business Manager (SBM), formerly Serena Business Manager (SBM), versions prior to 11.5...
CVE-2018-19644
CVE-2018-19644 affects Micro Focus Solutions Business Manager (SBM, formerly Serena SBM) in versions prior to 11.5. The connected documents describe a reflected cross-site scripting vulnerability that allows a remote attacker to inject arbitrary web script or HTML into SBM’s web context.
Cross-Site Script Inclusion (XSSI)
Jupyter Notebook is vulnerable to cross-site script inclusion (XSSI). When a user is logged into the Jupyter server and visits an unauthorized website, the web resources from a known URL could be included in a page of that unauthorized website, causing malicious code to be executed in the victim's...
Embed Video Scripts - Persistent Cross-Site Scripting
Exploit Title: Embed Video Scripts - Cross-site Script stored; Google Dork: N/A; Date: 1 Jan 2019; Exploit Author: Deyaa Muhammad; Author EMail: contact at deyaa.me; Author Blog: http://deyaa.me; POC Video: https://youtu.be/2CFJLwkxpT8; Vendor...
Embed Video Scripts - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Embed Video Scripts - Cross-site Script stored; Exploit Author: Deyaa Muhammad; Author EMail: contact at deyaa.me; Author Blog: http://deyaa.me; POC Video: https://youtu.be/2CFJLwkxpT8; Vendor Homepage: https://codeawesome.in/embed/...
WebFairy Mediat 1.4.1 Cross Site Scripting
Exploit Title: Mediat 1.4.1 - Cross-site Script; Google Dork: N/A; Date: 1 Jan 2019; Exploit Author: Deyaa Muhammad; Author EMail: contact at deyaa.me; Author Blog: http://deyaa.me; Vendor Homepage: http://webfairy.net/; Software Link: https://github.com/WebFairyNet/Mediat; Demo Website:...
Liberapay: Current CSP Policy chained with HTML Injection can lead to Data Exfiltration
Hi Team, Summary: While reviewing the CSP headers for en.liberapay.com I noticed that img-src has a source set to which means any source on the internet. The following is found in the current CSP Header config. img-src blob: data: Description: If the site is vulnerable to HTML Injection it's possib...
inherentresolve.mil XSS vulnerability
Open Bug Bounty ID: OBB-559280; Affected Website: inherentresolve.mil; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
CVE-2017-17894
Readymade Job Site Script has CSRF via the /job URI...
CVE-2017-17895
Readymade Job Site Script has SQL Injection via the locationname array parameter to the /job URI...
CVE-2017-17896
Readymade Job Site Script has XSS via the keyword parameter to the /job URI...
Cross site request forgery (csrf)
Readymade Job Site Script has CSRF via the /job URI...
Default credentials
Readymade Job Site Script has XSS via the keyword parameter to the /job URI...
PHP Scripts Mall Readymade Job Site Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site scripting vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A remote...
PHP Scripts Mall Readymade Job Site Script Cross Site Request Forgery Vulnerability
PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site request forgery vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A...
CVE-2017-17894
CVE-2017-17894 affects the Readymade Job Site Script, with a CSRF flaw exploitable via the /job URI. Public sources (NVD/NVD-derived records) assign a CVSS‑3 base score of 8.8 (HIGH) and CVSS‑2 of 6.8 (MEDIUM), indicating network access required with user interaction typically needed (UI: REQUIRE...
CVE-2017-17896
CVE-2017-17896 affects Readymade Job Site Script with a cross-site scripting (XSS) vulnerability via the keyword parameter to the /job URI. The NVD entry reports a base score of 4.3 (CVSS2) and 6.1 (CVSS3), indicating that network access is required and user interaction is involved in a changed s...
CVE-2017-17895
Readymade Job Site Script has SQL Injection via the locationname array parameter to the /job URI...