160 matches found
CVE-2020-29655
CVE-2020-29655 affects ASUS RT-AC88U Download Master prior to version 3.1.0.108. The root cause is unsanitized input passed through Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp, which leads to text injection in the login page title and could influence its appearance. Publ...
CS Money: Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglyfied which makes it clearly readable
Issue 1: Greetings, Hello Team, I have found a Content Spoofing/Text Injection on this domain https://support.cs.money Using the below link the attacker can trick any genuine user to go to the attacker's phishing site. The attacker could craft the URL by providing discounts which will tempt the...
Red Hat OpenShift web console resource management error vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. web console is one of the web-based console programs. A resource management error vulnerability exists in the Red Hat OpenShift web...
openshift/console: text injection on error page via crafted url
A content spoofing vulnerability was found in the openshift/console. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate...
Acronis: Content Spoofing
Vulnerability: Content Spoofing or Text Injection Description: This vulnerability will reflect text on to the web page which is used to scam a victim to visit or send information to a malicious website. Because it is inside the domain and trusted web page, there is chances of scam. Open the Url a...
Medium: mod_auth_openidc
Issue Overview: A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs.CVE-2017-6059 It was found that modauthopenidc did not...
mod_auth_openidc: Shows user-supplied content on error pages
A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs...
Nextcloud: Content Spoofing /Text Injection in https://docs.nextcloud.com
Hello Team, I have found a Content Spoofing / Text Injection on this domain https://docs.nextcloud.com Go to https://docs.nextcloud.com/!!!ATENTION!%20This%20server%20is%20on%20Maintenance%20please%20go%20to%20WWW.EVIL.COM%20%20%20%20%20%20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%...
Smule: Error Page Content Spoofing or Text Injection
Description: -------------- Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, a...
Cisco Webex Business Suite Input Validation Error Vulnerability
Cisco Webex Business Suite is a set of video conferencing solutions from the U.S. company Cisco Cisco. An input validation error vulnerability exists in Cisco Webex Business Suite, which arises from the program not properly validating input. An attacker could exploit this vulnerability by trickin...
CVE-2019-1680
A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...
Input validation
A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...
SUSE SLES11 Security Update : mailman (SUSE-SU-2019:13924-1)
This update for mailman fixes the following issues : Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 Fixed a directory traversal vulnerability in MTA...
CFP Time: Content spoofing on error pages or text injection
Poc: https://www.cfptime.org/%20is%20not%20available%20anymore%20,%20pls%20go%20to%20WWW.EVIL.COM%20because%20this%20site. Steps to reproduce: 1: Just browse this target on any browser 2: Target: http://www.cfptime.org/ 3: add any content after For example: this is not available anymore pls check...
SUSE-SU-2019:13924-1 Security update for mailman
This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal vulnerability in MTA...
CFP Time: Error Page Content Spoofing or Text Injection
Description: hello sir, i found that one you once you write any thing after / in www.cfptime.org/ is reflected in the error page example go to www.cfptime.org/texthere you will see test here in the 404 error page Steps To Reproduce: 1.go...
SUSE SLES12 Security Update : mailman (SUSE-SU-2018:4296-1)
This update for mailman fixes the following security vulnerabilities : Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 Fixed a directory traversal...
SUSE-SU-2018:4296-1 Security update for mailman
This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal...
Hanno's projects: Text injection at https://media.hboeck.de
Text injection possible at https://media.hboeck.de if we craft url like this: https://media.hboeck.de/?c=http://www.example.com We can see the output on web app. Impact Defacement of website by following crafted link...
MyCrypto: Content Spoofing or Text Injection support.mycrypto.com
w2w reported a text injection attack where the user could be shown arbitrary text injected via query parameters. The MyCrypto team worked with w2w to resolve these issues, and appreciate the responsible disclosure. We look forward to continuing to work with the security community to triage and...