246 matches found
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - Persistent cross site scripting Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...
CVE-2018-7465
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS...
Cross-site Scripting (XSS)
Simditor is vulnerable to cross-site scripting (XSS) attacks. The application does not properly sanitize the TEXTAREA element, allowing a malicious user to inject and execute arbitrary JavaScript...
Design/Logic Flaw
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...
CVE-2018-6464
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...
CVE-2018-6464
Summary: CVE-2018-6464 affects Simditor v2.3.11, where an attacker can trigger cross-site scripting (XSS) by crafting an SVG onload payload inside a TEXTAREA element, demonstrated with Firefox 54.0.1. The root cause is not explicitly detailed beyond the use of an SVG/onload payload in a TEXTAREA...
Cross-Site Scripting
EasyWidgets is vulnerable to cross-site scripting (XSS). The Jinja2 template engine does not escape the TextArea contents, allowing attackers to inject and execute arbitrary code...
Microsoft Internet Explorer 10 MSHTML CElement::GetPlainTextInScope Out-Of-Bounds Read
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the third entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161103001.html. There you can find a repro that trigger...
Wordpress Avenir-Soft Direct Download Plug-in XSS/CSRF Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Wordpress Avenir-Soft Direct Download Plug-in XSS/CSRF Exploit Author: Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/avenirsoft-directdownload/ Date: 2015-08-06 Tested On: Kali Linux - FireFox...
Updated tcl-tcllib packages fix a security vulnerability
Updated tcl-tcllib package fixes a security vulnerability: tcllib is vulnerable to a Cross-Site-Scripting (XSS) issue in html::textarea...
Cross-Site-Scripting (XSS) in tcllib's html::textarea
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Cross-Site-Scripting (XSS) in tcllib's html::textarea Release Date: 26 February 2015 Last Modified: 26 February 2015 Author: Ben Fuhrmannek ben.fuhrmannek at sektioneins.de Application: tcllib - Tcl standard library - versions 1.0....
Fedora 22 : tcllib-1.16-5.fc22 (2015-3075)
Security fix for 'textarea' issue. Also, update to new 1.1.6 version. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Cross-site scripting vulnerability in tcllib '::html::textarea' function
tcllib is a collection of packages for the Tcl programming language, distributed as both source code and precompiled binaries, and supporting a wide range of common operating systems: Windows, BSD, Unix, and Linux. A cross-site scripting vulnerability exists in the tcllib '::html::textarea'...
Tcl 1.16 Cross Site Scripting
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Cross-Site-Scripting (XSS) in tcllib's html::textarea Release Date: 26 February 2015 Last Modified: 26 February 2015 Author: Ben Fuhrmannek ben.fuhrmannek at sektioneins.de Application: tcllib - Tcl standard library - versions 1.0....
CVE-2012-4230
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...
Cross site scripting
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...
UBUNTU-CVE-2012-4230
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...
XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]
Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains an XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...
CMS Balitbang Depdiknas 3.4 HTML Injection
CMS Balitbang Depdiknas v3.4 HTML Injection. Exploit Title : CMS Balitbang Depdiknas v3.4 HTML Injectio...
Opera Multiple Denial of Service Vulnerabilities - June12 (Linux)
The host is installed with Opera and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultdosvulnjune12lin.nasl 6018 2017-04-24 09:02:24Z teissa $ Opera Multiple Denial of Service Vulnerabilities - June12 Linux Authors: Sooraj KS Copyright: Copyright ...