Lucene search
K

46 matches found

Prion
Prion
added 2018/03/12 1:29 p.m.20 views

Design/Logic Flaw

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

4.3CVSS6.3AI score0.00905EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/03/12 1:29 p.m.31 views

CVE-2017-15719

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

6.1CVSS6.4AI score0.00905EPSS
Exploits0References2
OSV
OSV
added 2018/03/12 1:29 p.m.26 views

CVE-2017-15719

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

6.1CVSS6.6AI score0.00905EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/03/12 1:0 p.m.31 views

CVE-2017-15719

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

6.3AI score0.00905EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/07/24 8:14 a.m.23 views

Starbucks: Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)

Hi guys, I am now able to prove my concerns from 227486 see my last comment. "s are still not correctly encoded when rendered into the page in the element on almost any https://starbucks.co.uk/ page. The WAF is bypassed by encoding "s as %2522 in the URL path. This won't work when the payload is...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2009/02/03 12:0 a.m.21 views

SMF 1.1.7 Cross Site Scripting

SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...

0.2AI score
Exploits0
Rows per page
Query Builder