Lucene search
+L

160 matches found

CVE
CVE
added 2020/12/09 8:0 a.m.57 views

CVE-2020-29655

CVE-2020-29655 affects ASUS RT-AC88U Download Master prior to version 3.1.0.108. The root cause is unsanitized input passed through Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp, which leads to text injection in the login page title and could influence its appearance. Publ...

7.5CVSS7.6AI score0.00903EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2020/10/03 4:41 p.m.42 views

CS Money: Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglyfied which makes it clearly readable

Issue 1: Greetings, Hello Team, I have found a Content Spoofing/Text Injection on this domain https://support.cs.money Using the below link the attacker can trick any genuine user to go to the attacker's phishing site. The attacker could craft the URL by providing discounts which will tempt the...

0.1AI score
Exploits0
CNVD
CNVD
added 2020/07/28 12:0 a.m.4 views

Red Hat OpenShift web console resource management error vulnerability

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. web console is one of the web-based console programs. A resource management error vulnerability exists in the Red Hat OpenShift web...

4.3CVSS6.9AI score0.00946EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/27 6:50 p.m.3 views

openshift/console: text injection on error page via crafted url

A content spoofing vulnerability was found in the openshift/console. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate...

4.3CVSS5.7AI score0.00946EPSS
Exploits0References4
Hacker One
Hacker One
added 2020/04/06 4:59 p.m.14 views

Acronis: Content Spoofing

Vulnerability: Content Spoofing or Text Injection Description: This vulnerability will reflect text on to the web page which is used to scam a victim to visit or send information to a malicious website. Because it is inside the domain and trusted web page, there is chances of scam. Open the Url a...

6.8AI score
Exploits0
Amazon
Amazon
added 2019/10/21 12:0 a.m.29 views

Medium: mod_auth_openidc

Issue Overview: A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs.CVE-2017-6059 It was found that modauthopenidc did not...

8.6CVSS7.4AI score0.05177EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/08/06 12:7 p.m.2 views

mod_auth_openidc: Shows user-supplied content on error pages

A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs...

7.5CVSS5.7AI score0.05177EPSS
Exploits0References4
Hacker One
Hacker One
added 2019/08/02 8:25 p.m.56 views

Nextcloud: Content Spoofing /Text Injection in https://docs.nextcloud.com

Hello Team, I have found a Content Spoofing / Text Injection on this domain https://docs.nextcloud.com Go to https://docs.nextcloud.com/!!!ATENTION!%20This%20server%20is%20on%20Maintenance%20please%20go%20to%20WWW.EVIL.COM%20%20%20%20%20%20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2019/02/20 12:37 p.m.28 views

Smule: Error Page Content Spoofing or Text Injection

Description: -------------- Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, a...

0.6AI score
Exploits0
CNVD
CNVD
added 2019/02/18 12:0 a.m.5 views

Cisco Webex Business Suite Input Validation Error Vulnerability

Cisco Webex Business Suite is a set of video conferencing solutions from the U.S. company Cisco Cisco. An input validation error vulnerability exists in Cisco Webex Business Suite, which arises from the program not properly validating input. An attacker could exploit this vulnerability by trickin...

4.3CVSS6.8AI score0.01412EPSS
Exploits0References1
NVD
NVD
added 2019/02/07 9:29 p.m.28 views

CVE-2019-1680

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...

4.3CVSS4.8AI score0.01412EPSS
Exploits0References2
Prion
Prion
added 2019/02/07 9:29 p.m.18 views

Input validation

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...

4.3CVSS4.9AI score0.01412EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2019/01/08 12:0 a.m.24 views

SUSE SLES11 Security Update : mailman (SUSE-SU-2019:13924-1)

This update for mailman fixes the following issues : Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 Fixed a directory traversal vulnerability in MTA...

8.8CVSS6.5AI score0.07964EPSS
Exploits4References16
Hacker One
Hacker One
added 2019/01/04 3:36 p.m.81 views

CFP Time: Content spoofing on error pages or text injection

Poc: https://www.cfptime.org/%20is%20not%20available%20anymore%20,%20pls%20go%20to%20WWW.EVIL.COM%20because%20this%20site. Steps to reproduce: 1: Just browse this target on any browser 2: Target: http://www.cfptime.org/ 3: add any content after For example: this is not available anymore pls check...

6.9AI score
Exploits0
OSV
OSV
added 2019/01/04 10:3 a.m.7 views

SUSE-SU-2019:13924-1 Security update for mailman

This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal vulnerability in MTA...

8.8CVSS6.6AI score0.07964EPSS
Exploits4References11
Hacker One
Hacker One
added 2019/01/03 5:42 p.m.32 views

CFP Time: Error Page Content Spoofing or Text Injection

Description: hello sir, i found that one you once you write any thing after / in www.cfptime.org/ is reflected in the error page example go to www.cfptime.org/texthere you will see test here in the 404 error page Steps To Reproduce: 1.go...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/12/31 12:0 a.m.24 views

SUSE SLES12 Security Update : mailman (SUSE-SU-2018:4296-1)

This update for mailman fixes the following security vulnerabilities : Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 Fixed a directory traversal...

8.8CVSS6.5AI score0.07964EPSS
Exploits4References16
OSV
OSV
added 2018/12/28 5:38 p.m.7 views

SUSE-SU-2018:4296-1 Security update for mailman

This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs bsc1077358 CVE-2018-5950 - Fixed a directory traversal...

8.8CVSS6.7AI score0.07964EPSS
Exploits4References11
Hacker One
Hacker One
added 2018/11/06 2:59 a.m.23 views

Hanno's projects: Text injection at https://media.hboeck.de

Text injection possible at https://media.hboeck.de if we craft url like this: https://media.hboeck.de/?c=http://www.example.com We can see the output on web app. Impact Defacement of website by following crafted link...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2018/03/14 10:43 a.m.18 views

MyCrypto: Content Spoofing or Text Injection support.mycrypto.com

w2w reported a text injection attack where the user could be shown arbitrary text injected via query parameters. The MyCrypto team worked with w2w to resolve these issues, and appreciate the responsible disclosure. We look forward to continuing to work with the security community to triage and...

4AI score
Exploits0
Rows per page
Query Builder