Lucene search
+L

359 matches found

prion
prion
added 2022/09/20 9:15 p.m.18 views

Server side request forgery (ssrf)

A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

7.5CVSS9.5AI score0.01208EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2022/09/20 8:15 p.m.19 views

CVE-2022-38931

A Server-Side Request Forgery SSRF in fetchnetfileupload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter...

8.8CVSS0.01103EPSS
Exploits1References1
osv
osv
added 2022/09/20 8:1 p.m.10 views

CVE-2022-40357

A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

9.8CVSS7.5AI score0.01208EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2022/09/20 12:0 a.m.12 views

PT-2022-24620 · Unknown · Baijiacmsv4

Name of the Vulnerable Software and Affected Versions: baijiacmsV4 version 4.1.4 Description: A Server-Side Request Forgery SSRF issue exists in the fetch net file upload function, allowing remote attackers to force the application to make arbitrary requests by injecting arbitrary URLs into the u...

8.8CVSS8.7AI score0.01103EPSS
Exploits1References3
hackerone
hackerone
added 2022/08/10 6:3 p.m.14 views

U.S. Dept Of Defense: stored cross site scripting in https://███████

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q13787 payload: %22%27%3e%3csvg%2fonload%3dconfirm666%3e Impact Cookie Stealing - A...

0.7AI score
Exploits0
hackerone
hackerone
added 2022/08/10 5:18 p.m.10 views

U.S. Dept Of Defense: stored cross site scripting in https://████

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q13794 payload: %22%27%3e%3csvg%2fonload%3dconfirm666%3e Impact Cookie Stealing - A...

0.7AI score
Exploits0
hackerone
hackerone
added 2022/08/10 5:14 p.m.21 views

U.S. Dept Of Defense: stored cross site scripting in https://██████████

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q13779 payload: %22%27%3e%3csvg%2fonload%3dconfirm666%3e Impact Cookie Stealing - A...

0.7AI score
Exploits0
hackerone
hackerone
added 2022/08/10 3:39 p.m.11 views

U.S. Dept Of Defense: stored cross site scripting in https://████████.edu

A stored cross-site scripting XSS vulnerability was discovered in the ████████.edu website. This vulnerability allowed an attacker to inject and execute malicious scripts on a victim's browser, potentially leading to cookie theft, arbitrary requests, malware downloads, or website defacement...

5.8AI score
Exploits0
hackerone
hackerone
added 2022/08/08 5:54 p.m.38 views

Showmax: Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param

Summary: A Reflected XSS issue at https://stories.showmax.com/. Description: This issue was found at https://stories.showmax.com/wp-content/themes/theme-internalss/blocks/ajax/b.php page. But, as I understand the last part of pathname a.php can be different. For example b.php also working. Maybe ...

0.9AI score
Exploits0
hackerone
hackerone
added 2022/08/05 3:59 p.m.12 views

U.S. Dept Of Defense: stored cross site scripting in https://███

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q21675 Impact Cookie Stealing - A malicious user can steal cookies and use them to gai...

0.8AI score
Exploits0
hackerone
hackerone
added 2022/08/05 2:10 p.m.18 views

U.S. Dept Of Defense: stored cross site scripting in https://█████████

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q21677 Impact Cookie Stealing - A malicious user can steal cookies and use them to gai...

0.9AI score
Exploits0
hackerone
hackerone
added 2022/08/02 12:0 p.m.13 views

U.S. Dept Of Defense: stored cross site scripting in https://███

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q21655 Impact Cookie Stealing - A malicious user can steal cookies and use them to gai...

0.9AI score
Exploits0
hackerone
hackerone
added 2022/08/02 11:55 a.m.14 views

U.S. Dept Of Defense: stored cross site scripting in https://██████████

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 q21671= Impact Cookie Stealing - A malicious user can steal cookies and use them to ga...

0.9AI score
Exploits0
hackerone
hackerone
added 2022/08/02 11:44 a.m.10 views

U.S. Dept Of Defense: stored cross site scripting in https://███

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 Impact Cookie Stealing - A malicious user can steal cookies and use them to gain acces...

0.9AI score
Exploits0
hackerone
hackerone
added 2022/08/02 11:14 a.m.13 views

U.S. Dept Of Defense: stored cross site scripting in https://███

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at 1636345 Year Group Military Only Impact Cookie Stealing - A malicious user can steal cookies a...

0.4AI score
Exploits0
cnvd
cnvd
added 2022/07/15 12:0 a.m.14 views

Siemens SIMATIC eaSie Authentication Error Vulnerability

SIMATIC eaSie, the digital assistant for automation and process control technology in the Siemens Automation Concept "Total Integrated Automation", is vulnerable to an authentication error that could be exploited by a remote, unauthenticated attacker to send arbitrary messages to the service,...

9.1CVSS3.6AI score0.01265EPSS
Exploits0References1
hackerone
hackerone
added 2022/07/14 1:23 a.m.18 views

U.S. Dept Of Defense: Reflected cross site scripting in https://███████

It was observed that the application is vulnerable to cross-site scripting XSS. XSS is a type of attack that involves running a malicious scripts on a victim’s browser. request.txt attacked poc attached Impact Cookie Stealing - A malicious user can steal cookies and use them to gain access to the...

0.7AI score
Exploits0
prion
prion
added 2022/07/12 10:15 a.m.14 views

Default configuration

A vulnerability has been identified in SIMATIC eaSie Core Package All versions V22.00. The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and...

6.4CVSS9.2AI score0.01265EPSS
Exploits0References1Affected Software1
github
github
added 2022/07/02 12:0 a.m.39 views

Server-Side Request Forgery in link-preview-js

The package link-preview-js before 2.1.17 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...

6.2CVSS5.3AI score0.00363EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2022/06/09 2:15 p.m.17 views

CVE-2022-31386

A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...

9.1CVSS0.00977EPSS
Exploits1References1
Rows per page
Query Builder