Lucene search

1225 matches found

vulnersOsv
added 2022/05/14 1:14 a.m. | 3 views

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +273 more potentially affected by CVE-2015-1830 via org.apache.activemq:activemq-client (>=5.10.0 <=5.11.1)

org.apache.activemq:activemq-client MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2015-1830 Source advisory: OSV:GHSA-3V63-F83X-37X4...

CVSS 5 | AI score 7.2 | EPSS 0.84408
Exploits 7

OSV
added 2022/05/14 1:10 a.m. | 1 view

GHSA-PRC3-7F44-W48J Missing XML Validation in Apache Tomcat

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity...

CVSS 4.3 | AI score 6.8 | EPSS 0.07616
Exploits 0 | References 78

vulnersOsv
added 2022/05/01 6:24 p.m. | 3 views

berkano:bean-displaytag (>=20050615.234814 <=20050616.015551), berkano:berkano-util (>=20050725.114415 <=dev-20050723) +28 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=1.0.3 <=1.2.2)

opensymphony:xwork MAVEN version =1.0.3, =20050615.234814, =20050725.114415, =2.1.5, =1.1.3, =1.0-alpha-1, =1.1-beta-1, =1.1-beta-1, =1.0-beta-2, =1.0-beta-3 - org.codehaus.jet:jet-web-engine =1.0-beta-2 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...

CVSS 6.8 | AI score 5.4 | EPSS 0.25749
Exploits 0

NVD
added 2022/04/20 6:15 p.m. | 10 views

CVE-2022-24799

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

CVSS 9.6 | EPSS 0.00925
Exploits 0 | References 3

Prion
added 2022/04/20 6:15 p.m. | 13 views

Design/Logic Flaw

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

CVSS 4.3 | AI score 6.3 | EPSS 0.00925
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2022/04/20 5:55 p.m. | 5 views

CVE-2022-24799 Cross Site Scripting in Wire Webapp

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

CVSS 9.6 | AI score 7 | EPSS 0.00925
Exploits 0 | References 3

CVE
added 2022/04/20 5:55 p.m. | 85 views

CVE-2022-24799

CVE-2022-24799 describes a cross-site scripting vulnerability in Wire Webapp caused by insufficient escaping of markdown code highlighting, allowing execution of arbitrary HTML/JavaScript in the victim’s browser. Affected: wire-webapp and connected Wire desktop clients. Impact per description: at...

CVSS 9.6 | AI score 6.7 | EPSS 0.00925
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/04/20 5:55 p.m. | 38 views

CVE-2022-24799 Cross Site Scripting in Wire Webapp

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

CVSS 9.6 | AI score 9.4 | EPSS 0.00925
Exploits 0 | References 3

OSV
added 2022/04/20 5:55 p.m. | 30 views

CVE-2022-24799 Cross Site Scripting in Wire Webapp

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

CVSS 9.6 | AI score 7.1 | EPSS 0.00925
Exploits 0 | References 5

CNNVD
added 2022/04/20 12:00 a.m. | 4 views

Wire Cross-Site Scripting Vulnerability

Wire is a chat program from the German company Wire. The program supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A cross-site scripting vulnerability exists in the Wire webapp, which stems fr...

CVSS 9.6 | AI score 5.6 | EPSS 0.00925
Exploits 0 | References 4

Packet Storm
added 2022/04/07 12:00 a.m. | 288 views

minewebcms 1.15.2 Cross Site Scripting

Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...

CVSS 6.8 | AI score 5.4 | EPSS 0.03506
Exploits 4

Packet Storm
added 2022/02/21 12:00 a.m. | 243 views

Cab Management System 1.0 SQL Injection

Exploit Title: Cab Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali linux Category:...

AI score 0.1
Exploits 0

Packet Storm
added 2022/02/21 12:00 a.m. | 214 views

Cab Management System 1.0 Remote Code Execution

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

Exploits 0

0day.today
added 2022/02/21 12:00 a.m. | 197 views

Cab Management System 1.0 - (id) SQL injection (Authenticated) Vulnerability

Exploit Title: Cab Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali linux Category:...

AI score 0.4
Exploits 0

0day.today
added 2022/02/21 12:00 a.m. | 210 views

Cab Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

AI score 0.4
Exploits 0

Exploit DB
added 2022/02/21 12:00 a.m. | 250 views

Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

AI score 7.4
Exploits 0

Huntr
added 2022/02/20 5:33 p.m. | 18 views

Cross-site Scripting (XSS) - Stored

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Proof of Concept Steps to Reproduce:- = Install the WebApp and Setup it =...

CVSS 3.5 | AI score 5.2 | EPSS 0.03506
Exploits 4 | References 2

Github Security Blog
added 2022/02/15 1:57 a.m. | 15 views

Arbitrary file deletion in NeMo ASR webapp

Description NVIDIA NeMo contains a vulnerability in ASR WebApp, where Relative Path Traversal CWE-23 may lead to deletion of any directory through the "../" structure when admin privileges are available. CVSS Score = 2.0...

AI score 0.6
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/02/15 1:57 a.m. | 14 views

GHSA-RPX7-33J2-XX9X Arbitrary file deletion in NeMo ASR webapp

Description NVIDIA NeMo contains a vulnerability in ASR WebApp, where Relative Path Traversal CWE-23 may lead to deletion of any directory through the "../" structure when admin privileges are available. CVSS Score = 2.0...

CVSS 2 | AI score 4.7 | EPSS 0.00298
Exploits 0 | References 3

Packet Storm
added 2022/02/11 12:00 a.m. | 290 views

Accounting Journal Management System 1.0 SQL Injection

Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...

AI score 0.5
Exploits 0