25 matches found
Seotoaster 3.2.0 Cross Site Scripting
Exploit Title: Seotoaster 3.2.0 - Stored XSS on Edit page properties Exploit Author: Hardik Solanki Vendor Homepage: https://www.seotoaster.com/ Software Link: https://crm-marketing-automation-platforms.seotoaster.com/ Version: 3.2.0 Tested on Windows 10 XSS ATTACK: Cross-site Scripting XSS is a...
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: User Email Verification Bypass OAuth Flow Missing Email Verification Checks Notification Email Verification Bypass Undisclosed Vulnerability on a Third-Party Rendering Engine Group Sign-Up Restriction Bypass Mirror Project Owner Impersonation Missing Permission Check on Fork...
CVE-2019-15652
The web interface for NSSLGlobal SatLink VSAT Modem Unit VMU devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code...
CVE-2019-18207
Summary: CVE-2019-18207 affects Zucchetti InfoBusiness ≤ 4.4.1. An authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload is triggered whenever users browse the reports page. Affected software: Zucchetti InfoBusi...