19 matches found
EUVD-2021-14522
Malware in sbrugna...
EUVD-2023-31750
Malicious code in bioql PyPI...
CVE-2023-28025
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
Cross site scripting
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
CVE-2023-28025
CVE-2023-28025 affects HCL Technologies BigFix Mobile / Modern Client Management (including v3.1 and prior per multiple sources). The issue is a stored XSS via the ability to inject an SVG tag into HTML, resulting in an alert cookie pop-up. Root cause is improper input handling that allows SVG ma...
CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
Stored XSS
Description The Name field in Edit Profile page is vulnerable to Stored XSS. 1. Navigate to https://demo.azuracast.com/ and login 2. Navigate to my account page 3. Click edit profile 4. Change the user name to the below payload 5. Every page of the application will now display an alert pop up on...
CVE-2021-27781
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...
Code injection
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...
CVE-2021-27781
CVE-2021-27781 affects HCL Technologies BigFix Mobile/Modern Client Management (1.x and 2.0). The issue is a stored cross-site scripting vulnerability that allows embedding a script tag in HTML to trigger an alert pop-up displaying a cookie. Descriptions across multiple sources label this as a st...
CVE-2021-27781 HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...
Cross-site Scripting (XSS) - Reflected in effgarces/bookedscheduler
Setup the Booked Scheduler locally.URL like the following. http://192.168.5.5/phpsch/ Attcker 2. Login as valid user. 3. Make an reservation from the dashboard. 4. Open the information you reserved.URL like the following http://192.168.5.5/Web/reservation.php?rn=62020af2eee4d833634703 5. The...
Kimai 2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Kimai 2- persistent cross-site scripting XSS Exploit Author: osamaalaa Vendor Homepage: link Software Link: https://github.com/kevinpapst/kimai2 Fixed on Github : https://github.com/kevinpapst/kimai2/pull/962 Version: 2 1-Normal...
Kimai 2 - Persistent Cross-Site Scripting
Exploit Title: Kimai 2- persistent cross-site scripting XSS Date: 07/15/2019 Exploit Author: osamaalaa Vendor Homepage: link Software Link: https://github.com/kevinpapst/kimai2 Fixed on Github : https://github.com/kevinpapst/kimai2/pull/962 Version: 2 1-Normal user will try to add timesheet from...
CVE-2019-1010235
Frog CMS 1.1 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets...
Cross site scripting
Frog CMS 1.1 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets...
CVE-2019-1010235
Summary of CVE-2019-1010235 : Frog CMS 1.1 is affected by a Cross-Site Scripting (XSS) vulnerability in the Snippets component. The fault is described in CNVD-2019-23999 as a lack of proper validation of client-side data, enabling attackers to execute client-side code. Reported impacts include co...
Slack: Store XSS
Hello Team. I found a Store XSS. Where the company name is the vulnerable to XSS. If you give this below XSS script as Company name, you will get the XSS pop up after the login in message option where it'll randomly generated at the message room. “ Here is the POC: https://youtu.be/dqrH2WhIgtk...
OmniHTTPd test.shtml Cross-Site Scripting Issue
OmniHTTPd's Test.shtml sample is also vulnerable to a similar issue: http://localhost/test.shtml?3CSCRIPT3Ealertdocument.URL3C2FSCRIPT3E=x Will pop up an alert containing the above URL. Of course, this has other uses cookie theft, faking sources, etc...