Leafpub 1.1.9 - Stored XSS Vulnerability
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS) Exploit. Author: Ahmet Ümit BAYRAM; Vendor Homepage: https://github.com/Leafpub; Software Link: https://github.com/Leafpub/leafpub; Version: 1.1.9; Tested on: MacOS. Steps to Reproduce - Please log in at this address: http://localhost/leafpub/admin/login...
PT-2023-25502 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: Prestashop opartlimitquantity versions 1.4.5 and earlier. Description: The issue concerns sensitive SQL calls in the OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage function that can be executed with a trivial HT...
U.S. Dept Of Defense: Reflected XSS at ████████
A reflected cross-site scripting (XSS) vulnerability was discovered in the dochelper feature of a certain domain. An attacker could inject a crafted script into the userId parameter, which would execute when the victim user accessed the page, potentially allowing the attacker to steal the victim's...
Country Selector < 1.6.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting...
Observium Cross-Site Scripting Vulnerability (CNVD-2020-54791)
Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject and store malicious JavaScript code via...
CVE-2020-25137
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alertname or alertmessage parameter to the...
GHSA-R3XC-47QG-H929 Cross-Site Scripting in @ionic/core
Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting (XSS). The package uses the unsafe innerHTML property without sanitizing input, which may allow attackers to execute arbitrary JavaScript in the victim's browser. This issue affects the components: ...
Remote Code Execution (RCE)
reddiscordbot is vulnerable to remote code execution (RCE). The vulnerability exists through the value of mentionstr being formatted in the "going live" alertmsg message found in the Streams module, allowing an attacker to inject and execute arbitrary code via the affected parameter...
CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox 66...
CVE-2019-9807
CVE-2019-9807 affects Firefox prior to 66.0. When arbitrary text is sent over an FTP connection and a page reload is initiated, Firefox could display a modal alert containing that text, enabling potential social engineering. Affected product: Firefox (pre-66). Root cause described in connected so...
fundacaogrupoboticario.org.br XSS vulnerability
Open Bug Bounty ID: OBB-639510. Affected Website: fundacaogrupoboticario.org.br; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
tetrasociety.org XSS vulnerability
Open Bug Bounty ID: OBB-564720. Affected Website: tetrasociety.org; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
expressmedicalsupplies.com XSS vulnerability
Open Bug Bounty ID: OBB-385315. Affected Website: expressmedicalsupplies.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS...
penseurope.com XSS vulnerability
Vulnerable URL: http://www.penseurope.com/chfr/searchprod.asp?search=%22%3E%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C/script%3E%3C%22 Details: Patched: Yes, at 27.07.2017; Latest check for patch: 27.07.2017 22:55 GMT; Vulnerability type: XSS; Vulnerability status: Publicl...
mylifestyle.my XSS vulnerability
Vulnerable URL: http://mylifestyle.my/error.asp?msg=%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C/script%3E Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 2577932; VIP website status: No...
cvkeskus.ee XSS vulnerability
Vulnerable URL: http://www.cvkeskus.ee/ec/assets/evercookie.swf?everdata=%27;alert/XSSPOSED/;var%20evercookieflashvar=1// Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 57269; VIP...
sports.ksponco.or.kr XSS vulnerability
Open Bug Bounty ID: OBB-153382. Affected Website: sports.ksponco.or.kr; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
anatoliatupbebek.com.tr XSS vulnerability
Vulnerable URL: http://www.anatoliatupbebek.com.tr/tema/video/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 4670382; VIP...
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
OpenSSL - Padding Oracle in AES-NI CBC MAC Check. Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html; TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker; Exploit archive: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39768.zip. You can...