868 matches found

CNVD
added 2019/02/11 12:0 a.m. | 1 views

Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-34645)

Frog CMS is a Content Management System (CMS) developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A cross-site scripting vulnerability exists in Frog CMS. An attacker can exploit this vulnerability to...

CVSS 5.4 | AI score 6.4 | EPSS 0.00206
Exploits 1 | References 1
Prion
added 2018/07/31 5:29 p.m. | 16 views

Cross site scripting

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...

CVSS 4.3 | AI score 7 | EPSS 0.00449
Exploits 0 | References 3 | Affected Software 2
Cvelist
added 2018/07/31 5:0 p.m. | 12 views

CVE-2018-10609

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...

AI score 6.5 | EPSS 0.00449
Exploits 0 | References 3
Hacker One
added 2017/12/15 8:49 a.m. | 8 views

WordPress: antispambot does not always escape <, >, &, " and '

The antispambot function escapes some randomly selected characters from its first argument, for example: <, >, &, ", or '. These last five characters should always be escaped. There is a chance that this will print out unescaped: console.log"hello";'; Even though the chance of this happening is low,...

AI score 0.7
Exploits 0
NVD
added 2017/09/06 9:29 p.m. | 6 views

CVE-2015-6250

simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side...

CVSS 5.3 | AI score 5.5 | EPSS 0.00248
Exploits 0 | References 3
CVE
added 2017/09/06 9:0 p.m. | 35 views

CVE-2015-6250

CVE-2015-6250 affects the simple-php-captcha project. A vulnerability in the captured code before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate CAPTCHA responses by running the same code on the client-side, effectively bypassing CAPTCHA verifica...

CVSS 5.3 | AI score 5.5 | EPSS 0.00248
Exploits 0 | References 3 | Affected Software 1
OSV
added 2017/08/24 4:13 p.m. | 5 views

SUSE-SU-2017:2250-1 Security update for mercurial

This update for mercurial fixes the following issues: - CVE-2017-1000115: path traversal via symlink could lead to unauthorized access bsc1053344 - CVE-2017-1000116: argument injection in SSH URLs could lead to client-side code execution bsc1052696...

CVSS 10 | AI score 8.9 | EPSS 0.04585
Exploits 1 | References 5
OSV
added 2017/08/21 1:4 p.m. | 7 views

SUSE-SU-2017:2225-1 Security update for git

This update for git fixes the following issues: - CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution bsc1052481...

CVSS 8.8 | AI score 9 | EPSS 0.70245
Exploits 9 | References 3
Hacker One
added 2017/04/25 9:32 p.m. | 20 views

Dropbox: Dropbox Paper - Markdown XSS

Hello, Today I took a look at Dropbox Paper and noticed there is an option to export/download the project as a Markdown or word docx document. I noticed it doesn't filter any kind of Markdown escaping, meaning when parsed after download will let us execute client side code. equivalent to arbrita...

AI score 0.5
Exploits 0
Node.js
added 2017/03/20 11:48 p.m. | 7347 views

Cross-Site Scripting

Overview: Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as...

AI score 6.2
Exploits 5 | Affected Software 1
CNVD
added 2016/05/06 12:0 a.m. | 1 views

Trend Micro Direct Pass Cross-Site Request Forgery Vulnerability

DirectPass runs as a native control or browser plug-in. A cross-site request forgery vulnerability exists in Trend Micro Direct Pass. An attacker could inject malicious code on the client side of the service bypassing input filters...

AI score 7.1
Exploits 0 | References 1
Hacker One
added 2016/03/28 5:48 p.m. | 18 views

Shopify: XSS on https://app.shopify.com/

DESCRIPTION: It has been identified that the page located at https://app.shopify.com/ is prone to cross-site scripting issues. Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts also commonly referred to as a malicious...

AI score 1
Exploits 0
0day.today
added 2016/01/18 12:0 a.m. | 28 views

Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting

Exploit for php platform in category web applications. Credits: hyp3rlinx. Vendor: www.anelectron.com/downloads/ Product: Advanced Electron Forum v1.0.9 AEF Exploit patched current version. Vulnerability Type: ...

AI score 7.1
Exploits 0
securityvulns
added 2015/10/26 12:0 a.m. | 77 views

JSPMySQL Administrador CSRF & XSS Vulnerabilities

Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: JSPMySQL Administrador https://sites.google.com/site/mfpledon/producao-de-software Product:...

Exploits 0
Cisco
added 2013/12/03 9:35 p.m. | 25 views

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the Assurance component of Cisco Prime Collaboration could allow an unauthenticated, remote attacker to conduct several cross-site scripting (XSS) attacks against the user of the web interface of the affected system. The vulnerability is due to insufficient validation of user...

CVSS 4.3 | AI score 1.3 | EPSS 0.00371
Exploits 0 | References 1
w3af
added 2013/06/10 11:2 p.m. | 23 views

spider_man

This plugin is a local proxy that can be used to give the framework knowledge about the web application when it has a lot of client side code like Flash or Java applets. Whenever a w3af needs to test an application with flash or javascript, the user should enable this plugin and use a web browser...

AI score 7.2
Exploits 0
Positive Technologies
added 2012/02/06 12:0 a.m. | 4 views

PT-2012-1248

Name of the Vulnerable Software and Affected Versions: jquery versions prior to 1.9.0. Description: The issue is related to the jQuery function not properly differentiating between HTML and selectors, allowing for cross-site scripting attacks. In vulnerable versions, jQuery determines whether the...

CVSS 8.1 | AI score 6.6 | EPSS 0.3466
Exploits 21 | References 60
securityvulns
added 2011/09/20 12:0 a.m. | 53 views

Cisco TelePresence Multiple Vulnerabilities - SOS-11-010

Sense of Security - Security Advisory - SOS-11-010. Release Date: 19-Sep-2011; Last Update: -; Vendor Notification Date: 21-Feb-2011; Product: Cisco TelePresence Series; Platform: Cisco; Affected versions: C = TC4.1.2, MXP = F9.1; Severity Rating: Low - Medium; Impact: Cookie/credential theft,...

CVSS 9 | AI score 0.1 | EPSS 0.43062
Exploits 7
Packet Storm News
added 2011/09/19 12:0 a.m. | 2 views

Cisco TelePresence Cookie Theft / Impersonation / Code Execution

Cisco TelePresence Series suffers from client-side code execution, denial of service, cookie theft, loss of confidentiality, and impersonation vulnerabilities...

CVSS 9 | AI score 7.2 | EPSS 0.43062
Exploits 7
securityvulns
added 2011/07/25 12:0 a.m. | 78 views

Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009

Sense of Security - Security Advisory - SOS-11-009. Release Date: 19-Jul-2011; Last Update: -; Vendor Notification Date: 23-Mar-2011; Product: Oracle Sun GlassFish Enterprise Server; Platform: Java EE; Affected versions: 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs verified and possibly others; Severi...

CVSS 5.8 | AI score 5.6 | EPSS 0.40488
Exploits 6