46 matches found
Design/Logic Flaw
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
Starbucks: Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Hi guys, I am now able to prove my concerns from 227486 see my last comment. "s are still not correctly encoded when rendered into the page in the element on almost any https://starbucks.co.uk/ page. The WAF is bypassed by encoding "s as %2522 in the URL path. This won't work when the payload is...
SMF 1.1.7 Cross Site Scripting
SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...