Lucene search
118 matches found

Packet Storm
added 2021/10/08 12:00 a.m., 423 views

django-unicorn 0.35.3 Cross Site Scripting

Exploit Title: django-unicorn 0.35.3 - Stored Cross-Site Scripting XSS Date: 10/7/21 Exploit Author: Raven Security Associates, Inc. ravensecurity.net Software Link: https://pypi.org/project/django-unicorn/ Version: = 0.35.3 CVE: CVE-2021-42053 django-unicorn = 0.35.3 suffers from a stored XSS...

AI score 5.6, EPSS 0.00308
Exploits: 4
0day.today
added 2021/10/08 12:00 a.m., 279 views

django-unicorn 0.35.3 - Stored Cross-Site Scripting Vulnerability

Exploit Title: django-unicorn 0.35.3 - Stored Cross-Site Scripting XSS Exploit Author: Raven Security Associates, Inc. ravensecurity.net Software Link: https://pypi.org/project/django-unicorn/ Version: = 0.35.3 CVE: CVE-2021-42053 django-unicorn = 0.35.3 suffers from a stored XSS vulnerability by...

CVSS 5.4, AI score 5.6, EPSS 0.00308
Exploits: 4
Cvelist
added 2021/09/27 3:25 p.m., 12 views

CVE-2021-24652 PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values...

AI score 6.7, EPSS 0.00183
Exploits: 1, References: 1
CVE
added 2021/09/27 3:25 p.m., 46 views

CVE-2021-24652

CVE-2021-24652 (PostX – Gutenberg Blocks for Post Grid) affects the WordPress plugin PostX – Gutenberg Blocks for Post Grid, prior to version 2.4.10. The vulnerability arises from missing/incorrect access controls in certain AJAX requests, allowing any logged-in user to modify, delete, or add val...

CVSS 6.5, AI score 6.4, EPSS 0.00183
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2021/09/09 7:15 p.m., 2 views

CVE-2021-38323

The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the /src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4...

CVSS 6.1, AI score 5.8, EPSS 0.0021
Exploits: 1, References: 2
WPVulnDB
added 2021/08/17 12:00 a.m., 24 views

PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls

The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values. PoC You can run this from a browser's javascript console:...

CVSS 6.5, AI score 1.3, EPSS 0.00183
Exploits: 1, Affected Software: 1
OSV
added 2021/06/07 10:15 p.m., 17 views

CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16, our last beta before v1.0.0, and was not noticed or documented. This allowed for any user to type...

CVSS 10, AI score 9.4
Exploits: 0, References: 3
Cvelist
added 2021/06/07 9:25 p.m., 10 views

CVE-2021-32671 XSS vulnerability with translator

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16, our last beta before v1.0.0, and was not noticed or documented. This allowed for any user to type...

CVSS 10, AI score 9.6, EPSS 0.00758
Exploits: 0, References: 3
Hacker One
added 2020/12/25 9:57 a.m., 92 views

h1-ctf: [hacky-holidays] Grinch network is down

Flag 1 As always CTF begins with a tweet: F1126838 So we are supposed to start from https://hackyholidays.h1ctf.com/ . The first flag was easy on https://hackyholidays.h1ctf.com/ I found a file named robots.txt which had the following content: User-agent: Disallow: /s3cr3t-ar3a Flag:...

AI score 7
Exploits: 0
Veracode
added 2020/11/18 5:30 a.m., 15 views

Cross-site Scripting (XSS)

prestashop/productcomments is vulnerable to cross-site scripting XSS. An attacker is able to inject malicious scripts into the users' web browsers using ajax requests...

CVSS 8.7, AI score 3.7, EPSS 0.00305
Exploits: 0, References: 4, Affected Software: 1
Exploit DB
added 2020/04/10 12:00 a.m., 108 views

WordPress Plugin Helpful 2.4.11 - SQL Injection

Title: Helpful 2.4.11 Sql Injection - Wordpress Plugin Version : 2.4.11 Software Link : https://wordpress.org/plugins/helpful/ Date of found: 10.04.2019 Author: Numan Türle core/Core.class.php // Ajax requests: pro addaction 'wpajaxhelpfulajaxpro', array $this, 'helpfulajaxpro' ; // set args for...

AI score 7.4
Exploits: 0
IBM Security Bulletins
added 2020/02/05 12:53 a.m., 28 views

Security Bulletin: JavaScript vulnerability affects IBM Sterling B2B Integrator (CVE-2008-7220)

Summary An unspecified error in the Prototype JavaScript framework prototype.js, as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certa...

CVSS 7.5, AI score 2.5, EPSS 0.10024
Exploits: 1, Affected Software: 1
0day.today
added 2019/09/22 12:00 a.m., 48 views

Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting Vulnerability

Exploit for java platform in category web applications. title: Reflected Cross-Site Scripting XSS product: Oracle Mojarra JSF included in Java EE 7 Eclipse Mojarra JSF vulnerable version: 2.2 & 2.3 fixed version:...

AI score 7.4
Exploits: 0
NVD
added 2019/03/21 4:00 p.m., 13 views

CVE-2018-19487

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...

CVSS 7.5, AI score 7.6, EPSS 0.2626
Exploits: 1, References: 2
Prion
added 2019/03/21 4:00 p.m., 8 views

Code injection

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...

CVSS 5, AI score 7.6, EPSS 0.2626
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2019/03/17 9:36 p.m., 12 views

CVE-2018-19487

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...

AI score 7.6, EPSS 0.2626
Exploits: 1, References: 2
Tenable Nessus
added 2019/03/07 12:00 a.m., 94 views

FreeBSD : rt -- XSS via jQuery (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42)

BestPractical reports : The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting XSS vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longe...

CVSS 6.1, AI score 7.1, EPSS 0.18007
Exploits: 2, References: 4
FreeBSD
added 2019/03/05 12:00 a.m., 151 views

rt -- XSS via jQuery

BestPractical reports: The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting XSS vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer...

CVSS 6.1, AI score 6.6, EPSS 0.18007
Exploits: 2, References: 2
WPVulnDB
added 2018/12/04 12:00 a.m., 19 views

JobCareer < 2.4.1 - User enumeration & Reset password

The theme used a vulnerable version of the WP-jobhunt plugin affected by the issues below: CVE-2018-19487: The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote...

CVSS 7.5, AI score 5, EPSS 0.2626
Exploits: 2, References: 2, Affected Software: 2
OSV
added 2018/07/23 7:51 p.m., 34 views

GHSA-5J2H-H5HG-3WF8 Cross-site request forgery in Django

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 8.2, AI score 6.4, EPSS 0.0275
Exploits: 1, References: 25