Lucene search

518 matches found

Prion
added 2019/09/30 12:15 p.m., 9 views

Cross site request forgery (csrf)

In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...

CVSS: 6.8, AI score: 8.5, EPSS: 0.00222
Exploits: 0, References: 5, Affected Software: 2
Veracode
added 2019/09/30 3:22 a.m., 23 views

Session Token In URL

phpBB sends the session token via a GET parameter in the URL. Due to the way phpBB works, having the session ID is not enough for a remote attacker to gain access to the application since the session tokens are tied to an IP address. However, with knowledge of the administrator's session ID, the...

CVSS: 6.5, AI score: 1.8, EPSS: 0.00057
Exploits: 1, References: 4, Affected Software: 2
GithubExploit
added 2019/09/24 12:47 p.m., 69 views

Exploit for Cross-site Scripting in Kunena

CVE-2019-15120 Exploit for XSS via BBCode on Kunena extension...

CVSS: 5.4, AI score: 5.2, EPSS: 0.01016
Exploits: 2
NVD
added 2019/08/16 3:15 p.m., 15 views

CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode...

CVSS: 5.4, AI score: 5.3, EPSS: 0.01016
Exploits: 2, References: 3
OSV
added 2019/08/16 3:15 p.m., 12 views

CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode...

CVSS: 5.4, AI score: 5.8, EPSS: 0.01016
Exploits: 2, References: 3
Prion
added 2019/08/16 3:15 p.m., 11 views

Cross site scripting

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode...

CVSS: 3.5, AI score: 5.2, EPSS: 0.01016
Exploits: 2, References: 3, Affected Software: 1
CVE
added 2019/08/16 2:16 p.m., 111 views

CVE-2019-15120

The CVE covers Kunena (Joomla! extension) prior to version 5.1.14. The issue is a stored XSS via BBCode in Kunena messages which is exploitable by normal user input in any BBCode-enabled field. Exploit documentation notes that this XSS can lead to remote code execution. Affected product/version: ...

CVSS: 5.4, AI score: 5.4, EPSS: 0.01016
Exploits: 2, References: 3, Affected Software: 1
Cvelist
added 2019/08/16 2:16 p.m., 18 views

CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode...

AI score: 5.3, EPSS: 0.01016
Exploits: 2, References: 3
Positive Technologies
added 2019/08/16 12:0 a.m., 6 views

PT-2019-13999 · Joomla · Kunena

Name of the Vulnerable Software and Affected Versions: Kunena extension versions prior to 5.1.14 for Joomla! Description: The issue allows for XSS via BBCode, which can be exploited to execute malicious scripts. Recommendations: For versions prior to 5.1.14, update to version 5.1.14 or later to...

CVSS: 5.4, AI score: 5.4, EPSS: 0.01016
Exploits: 2, References: 6
Prion
added 2019/06/15 6:29 p.m., 9 views

Design/Logic Flaw

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to video BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue...

CVSS: 3.5, AI score: 8.1, EPSS: 0.00348
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2019/06/15 6:29 p.m., 0 views

CVE-2019-12830

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to video BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue...

CVSS: 8.7, AI score: 7.3, EPSS: 0.00348
Exploits: 1, References: 2
Hacker One
added 2018/09/14 5:20 p.m., 55 views

Valve: XSS in steam react chat client

The Steam chat client both sends and receives bbcode format chat messages. These map to HTML elements, and notably the url bbcode tag is supported for arbitrary URLs. React has strong XSS mitigations but does not mitigate javascript: URI based XSS. This is rather difficult to exploit as the clien...

AI score: 1
Exploits: 0
Tenable Nessus
added 2017/04/25 12:0 a.m., 196 views

phpMyAdmin 4.0.x < 4.0.10.16 Multiple Vulnerabilities (PMASA-2016-17, PMASA-2016-22 - PMASA-2016-24, PMASA-2016-26 - PMASA-2016-28)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.16. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the setup/frames/index.inc.php script that allows an unauthenticated, remote...

CVSS: 9.8, AI score: 6.8, EPSS: 0.87019
Exploits: 8, References: 14
OpenVAS
added 2017/04/10 12:0 a.m., 25 views

phpMyAdmin Multiple Security Vulnerabilities - 01 (Dec 2016) - Linux

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00644
Exploits: 0
OpenVAS
added 2017/04/10 12:0 a.m., 23 views

phpMyAdmin Multiple Security Vulnerabilities - 01 (Dec 2016) - Windows

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00644
Exploits: 0
CNVD
added 2016/12/12 12:0 a.m., 2 views

phpMyAdmin BBCode injection vulnerability

phpMyAdmin is an online management tool for MySQL databases. An injection vulnerability exists in version 4.6.x of phpMyAdmin. It is possible for an attacker to inject BBCode into the login page via a constructed login request...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00405
Exploits: 0, References: 1
NVD
added 2016/12/11 3:0 a.m., 14 views

CVE-2016-9862

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions prior to 4.6.5 are affected...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00405
Exploits: 0, References: 3
OSV
added 2016/12/11 3:0 a.m., 1 views

ALPINE-CVE-2016-9862

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions prior to 4.6.5 are affected...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00405
Exploits: 0, References: 1
OSV
added 2016/12/11 3:0 a.m., 0 views

DEBIAN-CVE-2016-9862

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions prior to 4.6.5 are affected...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00405
Exploits: 0, References: 1
OSV
added 2016/12/11 3:0 a.m., 6 views

CVE-2016-9862

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions prior to 4.6.5 are affected...

CVSS: 7.5, AI score: 6.4
Exploits: 0, References: 3