60 matches found
WordPress CleanTalk Plugin < 5.127.4 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113568";...
Cross-Site Scripting (XSS)
intelliants/subrion is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitary Javascript into a victim's browser via the name, email and phone parameter in the contacts page...
Cross site scripting
Cross-Site Scripting XSS vulnerability in adm/smsadmin/numbookwrite.php and adm/smsadmin/numbookupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting XSS vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2016-4892
Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
BZR Player 1.03 DLL Hijacking
/ + Author: TUNISIAN CYBER + Exploit Title: BZR Player 1.03 DLL Hijacking + Date: 29-03-2015 + Type: Local Exploits + Vendor: http://bzrplayer.blazer.nu/ + Tested on: WinXp/Windows 7 Pro + Friendly Sites: sec4ever.com + Twitter: @TCYB3R + gcc -shared -o DLLNAMEchoose one from the lis below.dll...
CVE-2015-1058
Multiple cross-site scripting XSS vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 dataCategorytitle parameter to admin/categories/add, 2 dataFieldtitle parameter to admin/fields/ajaxfields/, 3 name property in a basicInfo JSON object to...
FreePBX - 'config.php' Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "FreePBX config.php Remote Code Execution", 'Description' = %q This module exploits a vulnerability found in FreePBX version 2.9, 2.10...
CVE-2013-4519
Multiple cross-site scripting XSS vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the 1 Branch field or 2 caption of an uploaded file...
HTCSyncManagerUpdate DLL Hijacking
Exploit Title: HTCSyncManagerUpdate quserex.dll & mfc71enu.dll & mfc71loc.dll Path Subversion Arbitrary DLL Injection Code Execution Author: IranianDarkCodersTeam Discovered by A.CH12 Software Link: http://www.htc.com/ Version: 2.1.46.0 Tested on: Windows 7 //...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...
Cross site scripting
Cross-site scripting XSS vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2872
Cross-site scripting XSS vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Injection
Exploit for php platform in category web applications $Id: phpscheduleitstartdate.rb 14073 2011-10-26 18:06:12Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informatio...
Cross site scripting
Cross-site scripting XSS vulnerability in Liferay Portal Community Edition CE 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title...
CVE-2007-6659
Multiple cross-site scripting XSS vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the 1 contentshort or 2 contentfull parameter in an addnews action to the default URI; 3 the content parameter in a pm write action to 2z/admin.php; 4 the...
CVE-2007-6001
Multiple cross-site scripting XSS vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 func or 2 date parameter, or the jid parameter in a 3 log or 4 user action, a different vulnerability than CVE-2007-3910...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the 1 u, 2 p, 3 c, and 4 s parameters, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained sole...
CVE-2006-3030
Multiple cross-site scripting XSS vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 ToCategory and 2 FromCategory parameters to a ProductDetailsForm.asp and 3 UserName and 4 Password parameters to b...
Cross site scripting
Cross-site scripting XSS vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, and 3 headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...