10 matches found
CVE-2025-59542 Chamilo: Account Takeover via Stored XSS in Course Learning Paths
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...
CVE-2024-49397
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts...
CVE-2023-33534
A Cross-Site Request Forgery CSRF in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goformsetcmdprocess...
Stripe: Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/
@mrasg discovered an improper access control issue in TaxJar. This could have allowed for account takeover using the email change functionality. The vulnerability was caused by not correctly validating whether or not the reset password token was connected to the user being reset and was resolved ...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user...
How An Image Could've Let Attackers Hack Microsoft Teams Accounts
Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw,...
iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover
No description provided by source. Exploit Title : iScripts MultiCart = 2.4 Persistent XSS / CSRF / XSS+CSRF Account takeover Date : 2013/12/14 Exploit Author : Saadat Ullah ? saadilinuxatrocketmaildotcom Software Link : http://www.iscripts.com Author HomePage: http://security-geeks.blogspot.com...
iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover
Exploit for php platform in category web applications Exploit Title : iScripts MultiCart same product id for which you submited the review. Cross-site request forgery form nam...
iScripts MultiCart 2.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Cross-Site Scripting Cross-Site Request Forgery Mass Accounts Takeover
iScripts MultiCart 2.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Cross-Site Scripting Cross-Site Request Forgery Mass Accounts Takeover Exploit Title : iScripts MultiCart same product id for which you submited the review. Cross-site request forgery body...
iScripts MultiCart 2.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Cross-Site Scripting / Cross-Site Request Forgery / Mass Accounts Takeover
Exploit Title : iScripts MultiCart same product id for which you submited the review. Cross-site request forgery input type=hidden size=30 maxl...