
8436 matches found

Hacker One
added 2018/07/09 6:57 p.m. | 54 views

Pornhub: Mobile Reflect XSS / CSRF at Advertisement Section on Search page

The researcher identified a search query parameter vulnerable to cross-site scripting in the Mobile view. It is the same vulnerability as on redtube's mobile search page. The report is 380246. This vulnerability is performed XSS because protecting with adding slashes at double quotes. At the tag's...

AI score: 1.9
Exploits: 0

CNVD
added 2018/07/09 12:0 a.m. | 3 views

Open-AudIT Cross-Site Scripting Vulnerability (CNVD-2018-12810)

Open-AudIT is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in the Attributes feature in versions of Open-AudIT Community Edition prior to 2.2.2. A remote attacker can...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.01867
Exploits: 5 | References: 1

NVD
added 2018/07/08 12:29 p.m. | 12 views

CVE-2018-13433

Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00865
Exploits: 1 | References: 1

Cvelist
added 2018/07/06 2:0 p.m. | 24 views

CVE-2018-11124

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute...

AI score: 5.3 | EPSS: 0.01867
Exploits: 5 | References: 2

NVD
added 2018/07/05 10:29 p.m. | 26 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00937
Exploits: 1 | References: 2

Prion
added 2018/07/05 8:29 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01867
Exploits: 3 | References: 3 | Affected Software: 1

CVE
added 2018/07/05 8:0 p.m. | 64 views

CVE-2018-9997

Open-Xchange OX App Suite contains an XSS in mail compose that can be exploited via the data-target attribute in a data-toggle gadget. Affected products/versions: OX App Suite < 7.6.3-rev31, 7.8.x < 7.8.2-rev31, 7.8.3 < 7.8.3-rev41, 7.8.4

CVSS: 6.1 | AI score: 6 | EPSS: 0.01867
Exploits: 3 | References: 3 | Affected Software: 1

Prion
added 2018/07/03 12:29 p.m. | 19 views

Code injection

DISPUTED ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01353
Exploits: 3 | References: 3 | Affected Software: 1

UbuntuCve
added 2018/07/03 12:29 p.m. | 12 views

CVE-2018-13065

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01353
Exploits: 3 | References: 2

CVE
added 2018/07/03 11:0 a.m. | 50 views

CVE-2018-13065

CVE-2018-13065 affects ModSecurity 3.0.0 with a Cross-Site Scripting issue: XSS via an IMG onError attribute. The core detail across connected sources is that an attacker could inject script through an onError on an IMG tag; some sources note a third party disputes applicability without a Core Ru...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01353
Exploits: 3 | References: 3 | Affected Software: 1

OSV
added 2018/07/03 10:29 a.m. | 7 views

CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp...

CVSS: 5.5 | AI score: 6.2
Exploits: 0 | References: 13

OSV
added 2018/07/03 10:29 a.m. | 1 views

DEBIAN-CVE-2018-13098

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode...

CVSS: 5.5 | AI score: 7.4 | EPSS: 0.01289
Exploits: 0 | References: 1

OSV
added 2018/07/03 10:29 a.m. | 1 views

DEBIAN-CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.02179
Exploits: 1 | References: 1

CNVD
added 2018/07/03 12:0 a.m. | 3 views

Open-Xchange App Suite Cross-Site Scripting Vulnerability

Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. mail compose is one of the mail editing components. A cross-site scripting vulnerability exists in the mail compose...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.01867
Exploits: 3 | References: 1

Exploit DB
added 2018/07/03 12:0 a.m. | 65 views

ModSecurity 3.0.0 - Cross-Site Scripting

ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01353
Exploits: 3

CNVD
added 2018/07/03 12:0 a.m. | 4 views

Linux kernel denial of service vulnerability (CNVD-2018-12668)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in fs/f2fs/inode.c in 4.17.3 and earlier versions of the Linux kernel. An...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.01289
Exploits: 0 | References: 1

OSV
added 2018/07/03 12:0 a.m. | 0 views

UBUNTU-CVE-2018-13094

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.02179
Exploits: 1 | References: 11

OSV
added 2018/07/03 12:0 a.m. | 0 views

UBUNTU-CVE-2018-13098

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.01289
Exploits: 0 | References: 7

CNVD
added 2018/06/29 12:0 a.m. | 2 views

Linux kernel denial of service vulnerability (CNVD-2018-15658)

Linux kernel is the kernel used by Linux, an open source operating system released by the Linux Foundation in the U.S. The ntfs.ko filesystem driver is one of the drivers that supports the NTFS filesystem. A denial of service vulnerability exists in the 'ntfs_attr_find' function of the ntfs.ko...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00426
Exploits: 0 | References: 1

OSV
added 2018/06/28 2:29 p.m. | 2 views

DEBIAN-CVE-2018-12931

ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00426
Exploits: 0 | References: 1