
18 matches found

OSV
added 2026/02/12 8:51 a.m. · 3 views

BIT-MOODLE-2025-67855 Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...

CVSS 6.1 · AI score 6 · EPSS 0.00038
Exploits 0 · References 3
NVD
added 2026/01/23 5:15 p.m. · 2 views

CVE-2021-47892

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...

CVSS 7.2 · EPSS 0.00072
Exploits 0 · References 3
ATTACKERKB
added 2026/01/10 2:42 a.m. · 2 views

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

CVSS 8 · AI score 5.9 · EPSS 0.00019
Exploits 0 · References 2 · Affected Software 2
Snyk
added 2025/12/31 10:7 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the user's session,...

CVSS 5.4 · AI score 5.3
Exploits 0 · References 2
CNNVD
added 2025/06/16 12:0 a.m. · 3 views

Projectworlds Life Insurance Management System Injection Vulnerability

Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from an incorrect manipulation of the clientid parameter in the file...

CVSS 9.8 · AI score 7.1 · EPSS 0.00181
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 5:48 a.m. · 0 views

SUSE CVE-2012-1088

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script...

CVSS 3.3 · AI score 6.4 · EPSS 0.0012
Exploits 0 · References 3
The Hacker News
added 2020/12/29 8:38 a.m. · 52 views

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

Threat actors have been discovered distributing a new credential stealer written in the AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a...

AI score 0.8
Exploits 0
CNVD
added 2020/11/03 12:0 a.m. · 1 views

Broadleaf Commerce Cross-Site Scripting Vulnerability

Broadleaf Commerce is a Java open source e-commerce website framework from the Broadleaf Commerce team. A cross-site scripting vulnerability exists in Broadleaf Commerce version 5.1.14-GA, which stems from a slow HTTP post vulnerability. An attacker can exploit this vulnerability to execute JavaScript...

CVSS 6.1 · AI score 6.4 · EPSS 0.00421
Exploits 0 · References 1
CNVD
added 2019/10/08 12:0 a.m. · 2 views

Subrion cross-site scripting vulnerability (CNVD-2019-44570)

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into a website and supports a variety of extensions, plugins and more. A cross-site scripting vulnerability exists in Subrion version 4.2.1, which can be exploited by an attacker to execute...

CVSS 5.4 · AI score 6.4 · EPSS 0.00455
Exploits 5 · References 1
Kitploit
added 2018/05/16 2:37 p.m. · 21 views

DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)

DNSBin is a simple tool to test data exfiltration through DNS and help test vulnerabilities like RCE or XXE when the environment has significant constraints. The project is in two parts; the first one is the web server and its component. It offers a basic web UI; for most cases you won't need more...

AI score 7.1
Exploits 0 · References 2
Kitploit
added 2016/05/12 10:23 p.m. · 19 views

RSPET - Python Reverse Shell and Post Exploitation Tool

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features: Remote Command Execution. Traffic masking, XORed instead of cleartext; for better results use port 4431. Built-in File/Binary transfer both...

AI score 8
Exploits 0 · References 1
n0where
added 2016/04/12 12:31 a.m. · 28 views

Reverse Shell Post Exploitation Tool: RSPET

RSPET (Reverse Shell Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features: Remote Command Execution. Traffic masking, XORed instead of cleartext; for better results use port 443. Built-in File/Binary transfer both ways...

AI score 1.3
Exploits 0 · References 1
Japan Vulnerability Notes
added 2014/03/11 6:54 a.m. · 1 views

JP1/Integrated Management - Service Support vulnerable to cross-site scripting

Overview: JP1/Integrated Management - Service Support has a cross-site scripting vulnerability, which occurs when receiving a request that contains malicious scripts when being used with JP1/Integrated Management - View. Impact: An attacker can exploit this vulnerability to execute malicious script...

CVSS 4 · AI score 6.4
Exploits 0 · References 2
UbuntuCve
added 2014/02/15 2:57 p.m. · 16 views

CVE-2012-1088

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script...

CVSS 3.3 · AI score 6 · EPSS 0.0012
Exploits 0 · References 1
OSV
added 2014/02/15 2:57 p.m. · 0 views

UBUNTU-CVE-2012-1088

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script...

CVSS 3.3 · AI score 5.9 · EPSS 0.0012
Exploits 0 · References 2
Cvelist
added 2014/02/15 11:0 a.m. · 11 views

CVE-2012-1088

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script...

AI score 6 · EPSS 0.0012
Exploits 0 · References 4
Positive Technologies
added 2014/02/15 12:0 a.m. · 3 views

PT-2014-2216 · Iproute2 · Iproute2

Name of the Vulnerable Software and Affected Versions: iproute2 versions prior to 3.3.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by certain scripts. This can be exploited through the configure script or the...

CVSS 3.3 · AI score 6 · EPSS 0.0012
Exploits 0 · References 8
Cvelist
added 2005/05/19 4:0 a.m. · 13 views

CVE-2003-1204

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path...

AI score 6 · EPSS 0.09203
Exploits 1 · References 14