244 matches found

Nuclei
added 10 hours ago, 35 views

WordPress Symposium <=15.8.1 - Cross-Site Scripting

WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/getalbumitem.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2015-9414 info: name:...

CVSS 6.1 | AI score 6.1 | EPSS 0.03076
Exploits: 2 | References: 5

CNVD
added 2026/04/15 12:0 a.m., 1 view

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2026-18681)

Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that could be exploited by an attacker to steal a victim's cookie-based authentication credentials...

CVSS 9.3 | AI score 5.6 | EPSS 0.00119
Exploits: 0

RedhatCVE
added 2026/01/09 11:37 a.m., 6 views

CVE-2003-1277

Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) newsicon of newstemplate.php, and (2) threadid a...

CVSS 4.3 | AI score 7 | EPSS 0.00683
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:7 a.m., 8 views

CVE-2020-24902

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...

CVSS 6.1 | AI score 6.1 | EPSS 0.06813
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-1267

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00683
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-3025

Malware in sbrugna...

CVSS 6.8 | AI score 6.1 | EPSS 0.00295
Exploits: 0 | References: 10

NVD
added 2025/08/25 5:15 p.m., 3 views

CVE-2025-6737

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions...

CVSS 7.2 | EPSS 0.00051
Exploits: 0 | References: 1

Malwarebytes
added 2025/03/06 2:7 p.m., 10 views

Android botnet BadBox largely disrupted

Removing 24 malicious apps from the Google Play store and silencing some servers almost halved a botnet known as BadBox. The BadBox botnet focuses on Android devices, but not just phones. It also affects other devices like TV streaming boxes, tablets, and smart TVs. The German BSI Federal Office...

AI score 7.8
Exploits: 0

CNVD
added 2024/04/22 12:0 a.m., 6 views

DerbyNet back parameter cross-site scripting vulnerability

DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet back parameter, which is caused by improper validation of user-supplied input in the playlist.php script. An attacker could use this vulnerability to steal the victim's...

CVSS 8 | AI score 6.4 | EPSS 0.00535
Exploits: 2 | References: 1

Hive Pro Threat Advisories
added 2023/10/20 12:47 p.m., 48 views

A Longstanding Zero-Day in Citrix Devices Exploited Since August

Summary: A zero-day exploit, identified as CVE-2023-4966, has been actively targeting critical vulnerabilities in Citrix NetScaler ADC/Gateway devices since late August 2023. This exploit has the potential...

CVSS 5 | AI score 7.3 | EPSS 0.94348
Exploits: 15

Ivanti
added 2023/02/14 7:22 a.m., 8 views

JSA10375 - Pulse Connect Secure (PCS): Cross-Site Scripting Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Pulse Connect Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is...

AI score 7.3
Exploits: 0

Cvelist
added 2022/07/12 8:28 p.m., 16 views

CVE-2022-35227

A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...

AI score 6.5 | EPSS 0.00302
Exploits: 0 | References: 2

Github Security Blog
added 2022/05/24 5:38 p.m., 12 views

Formstone Vulnerable to Reflected XSS

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

CVSS 6.1 | AI score 6 | EPSS 0.0057
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2022/02/25 12:0 a.m., 1 view

JetBrains TeamCity Cross-Site Scripting Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. JetBrains TeamCity contains a cross-site scripting vulnerability that could be...

CVSS 5.4 | AI score 5.3 | EPSS 0.00007
Exploits: 0 | References: 2

OSV
added 2021/03/15 9:3 p.m., 0 views

USN-4785-1 npm vulnerability

It was discovered that the npm command-line interface mishandled certain sensitive information. An attacker could use this vulnerability to collect authentication information that could be used to impersonate other users...

CVSS 7.5 | AI score 7.1 | EPSS 0.03208
Exploits: 0 | References: 2

CNNVD
added 2021/01/12 12:0 a.m., 3 views

Multiple Sooil Product License Issue Vulnerabilities

Sooil Dana Diabecare RS and others are products of Sooil Korea. Sooil Dana Diabecare RS is a smart insulin pump with discrete remote control for medical use. Sooil Anydana-i is a mobile application that can be used to control the Sooil Dana Diabecare RS. Sooil Anydana-i is a mobile application that...

CVSS 5.7 | AI score 6.2 | EPSS 0.00078
Exploits: 0 | References: 3

Debian CVE
added 2019/03/15 5:0 p.m., 21 views

CVE-2019-9834

The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...

CVSS 6.1 | AI score 6.5 | EPSS 0.07851
Exploits: 1

0day.today
added 2019/01/24 12:0 a.m., 32 views

SirsiDynix e-Library 3.5.x - Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications. Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting; CVE: CVE-2018-20503; Google Dork: inurl:/x/x/0/49; Exploit Author: Özkan Mustafa Akkuş (AkkuS); Contact: https://pentest.com.tr; Vendor Homepage: http://www.sirsidynix.com; Version:...

EPSS 0.02063
Exploits: 5

Prion
added 2018/06/14 8:29 p.m., 18 views

Cross site scripting

The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the...

CVSS 4.3 | AI score 6.3 | EPSS 0.05554
Exploits: 2 | References: 5 | Affected Software: 1

Prion
added 2017/10/13 1:29 p.m., 18 views

Privilege escalation

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."...

CVSS 9.3 | AI score 8.7 | EPSS 0.11493
Exploits: 0 | References: 3 | Affected Software: 2