OLX: XSS - main page - search[user_id] parameter
Hi, how you doing? This is a pretty straightforward XSS in the main page. Affected parameter: searchuserid Direct Link: https://www.olx.pt/braga/?searchuserid=1zqjeu'":/1zqjeu;9, ;prompt9;&view=galleryWide Tested in updated firefox. Impact XSS allows an intruder to inject html and client side...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version: BDHDV6MF65V1.0.0B05 Tested on: Windows 10 x64 CVE:...
GHSA-FWX5-5FQJ-JV98 Cross-Site Scripting in morris.js
Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...
Barracuda Cloud Control v3.020 - CS XSS Web Vulnerability
Document Title: Barracuda Cloud Control v3.020 - CS XSS Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=662. Release Date: 2018-07-17. Vulnerability Laboratory ID (VL-ID): 6...
CVE-2017-1000239
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site...
Cross site scripting
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site...
CVE-2017-3150
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...
CVE-2016-9834
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
InvoicePlane 1.4.10 File Upload / Cross Site Scripting Vulnerabilities
InvoicePlane version 1.4.10 suffers from cross site scripting and remote file upload vulnerabilities. title: Arbitrary File Upload & Stored XSS product: InvoicePlane vulnerable version: 1.4.10 fixed version: 1.5.2 CVE number: - impact: High homepage: https://invoiceplane.com/ found: 2017-04-10 by...
MS15-118: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: November 10, 2015
Summary This update resolves vulnerabilities in the Microsoft .NET Framework. The most seve...
MS15-118: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: November 10, 2015
Summary This update resolves vulnerabilities in the Microsoft .NET Framework. The most severe of these vulnerabilities could...
MS15-118: Description of the security update for the .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1: November 10, 2015
Summary This update resolves vulnerabilities in the...
MS15-118: Description of the security update for the .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1: November 10, 2015
Summary This update resolves vulnerabilities in the Microsoft .NET Framework. The most severe of these...
MDS API XSS Vulnerability
A cross-site scripting vulnerability exists in SQL Server MDS that could allow an attacker to inject a client-side script into the user's browser instance. The vulnerability is caused when the SQL Server MDS does not properly validate a request parameter on the SQL Server site. The script could...
MiniUPnP DNS Rebind Vulnerability
The remote host is running a version of MiniUPnP that is affected by an unspecified flaw that exists in the Domain Name System (DNS) related to the 'rebinding' interaction. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to run a...
Microsoft System Center Operations Manager Cross-Site Scripting Vulnerability
Microsoft System Center Operations Manager is a Microsoft architecture for effective monitoring and management of IT environments, providing views of operational status, performance information, and generating alerts based on availability, performance, configuration, or security conditions. A...
WordPress Syndication Links Plugin <= 1.0.2 - Cross Site Scripting
This plugin is prone to a DOM cross site scripting vulnerability. This attack is executed as a result of modifying the DOM in the victim’s browser used by the original client side script. Solution Update the plugin...