319 matches found
XSS vulnerability when listing users on add & modify server pages.
Impact: An XSS vulnerability exists in versions of Pterodactyl Panel before 0.7.19. Affected versions do not properly sanitize account names before rendering them to the dropdown selector in the admin area when creating or modifying a server. Patches: This XSS has been addressed in 0.7.19 and will ...
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting
Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Date: 2020-05-15 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link: https://sourceforge.net/projects/forma/files/latest/download Tested on: XAMPP for Linux 64b...
Forma.LMS The E-Learning Suite 2.3.0.2 Cross Site Scripting
Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Date: 2020-05-15 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link: https://sourceforge.net/projects/forma/files/latest/download Tested on: XAMPP for Linux 64b...
School ERP Pro 1.0 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: School ERP Pro 1.0 - Remote Code Execution Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKUR...
CVE-2019-16522
The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...
Cross site scripting
The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...
CVE-2015-9355
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area...
SQL injection
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066...
Authentication flaw
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area...
CVE-2015-9355
CVE-2015-9355 affects the WordPress Two Factor Authentication plugin prior to version 1.1.10 and is a stored/reflected XSS vulnerability in the admin area. The vulnerability impacts the plugin’s admin UI, enabling client-side code execution. Public references (NVD, RH, CNVD, CVE lists) consistent...
CVE-2015-9355
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area...
CVE-2015-9353
Affected software: WordPress GigPress plugin (before 2.3.11). Vulnerability: SQL injection in the admin area. Root cause: Improper handling of input in admin/handlers.php via the show_artist_id or show_venue_id parameters in an add action (gigpress.php) to wp-admin/admin.php. Impact: Remote authe...
CVE-2018-20982
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens...
KBPublisher 6.0.2.1 SQL Injection
=============================== - Advisory - =============================== Title: KBPublisher 6.0.2.1 - Multiple SQL Injection Risk: High Date: 21.Aug.2019 Author: Pedro Andujar Twitter: @pandujar .: INTRO : KBPublisher is Knowledge Management Software. It reduces the need for customer support...
Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting (XSS)
Weak security measures, such as bad input field data filtering, have been discovered in the 'Live Chat Unlimited'. Go to the demo website https://screets.com/try/lcx/night-bird/ and open chat window by clicking on «Open/close» link, then click on «Online mode» to go online. Use your payload inside inpu...
WordPress iLive 1.0.4 Cross Site Scripting
Exploit Title: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4 Stored XSS Injection Google Dork: - Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: http://www.ilive.wpapplab.com/ Software Link: https://codecanyon.net/item/ilive-wordpress-live-chat-support-plugin/20496563...
WordPress Live Chat Unlimited 2.8.3 Cross Site Scripting
Exploit Title: Live Chat Unlimited v2.8.3 Stored XSS Injection Google Dork: inurl:"wp-content/plugins/screets-lcx" Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: https://screets.com/ Software Link: https://codecanyon.net/item/wordpress-live-chat-plugin/3952877 Version: 2.8.3 Tested on:...
iLive <= 1.0.4 - Stored Cross-Site Scripting (XSS)
Info: Weak security measures, such as bad textarea data filtering, have been discovered in the 'iLive - Intelligent WordPress Live Chat Support Plugin'. Current version of this premium WordPress plugin is 1.0.4. Demo Website: https://codecanyon.net/item/ilive-wordpress-live-chat-support-plugin/20496563...
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
Exploit Title: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4 Stored XSS Injection Google Dork: - Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: http://www.ilive.wpapplab.com/ Software Link: https://codecanyon.net/item/ilive-wordpress-live-chat-support-plugin/20496563...
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...