CVE-2022-35500
Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality...
DEBIAN-CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
UBUNTU-CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2023-47212
A heap-based buffer overflow vulnerability exists in the comment functionality of stb vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...
Inability of Followers and Followees to Commenting
Lines of code Vulnerability details Impact The lack of functionality restricts interaction and engagement between the profile owner and their followers or the users they follow. This limitation diminishes the platform's value, as users who are interested in a post or have a genuine reason to...
CVE-2022-35500
CVE-2022-35500: Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via the leave comment functionality. Affected: Amasty Blog version 2.10.3. Root cause details are not explicitly provided in the documents, only the XSS via leave comment is stated. Remediation guidance from PT-2022-22...
Mail.ru: Stored Xss
Stored XSS in comment functionality on profile.my.games and community.my.games...
ERPnext 11 - Cross-Site Scripting
ERPnext 11 - Cross-Site Scripting Exploit Title: ERPnext 11.x.x - Cross-Site Scripting Date: 2018-05-10 Exploit Author: Veerababu Penugonda Vendor Homepage: https://erpnext.com/ Software Link: https://demo.erpnext.com/ Version: Frappe ERPNext v11.x.x-develop Tested on: Mozilla Firefox quantum 60....
ERPnext 11 - Cross-Site Scripting
Exploit Title: ERPnext 11.x.x - Cross-Site Scripting Date: 2018-05-10 Exploit Author: Veerababu Penugonda Vendor Homepage: https://erpnext.com/ Software Link: https://demo.erpnext.com/ Version: Frappe ERPNext v11.x.x-develop Tested on: Mozilla Firefox quantum 60.1 , Ubuntu OS CVE : CVE-2018-11339...
CVE-2016-1178
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...
CVE-2016-1178
The CVE-2016-1178 issue affects appleple a-blog cms up to version 2.6.0.1, where a flaw in the session management of the comment feature allows remote attackers to obtain or modify sensitive data. Related sources describe concrete impacts: an unauthenticated attacker could delete arbitrary commen...
JVN#03975805: a-blog cms vulnerable to session management
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality. Impact: An arbitrary comment posted may be deleted or a commenter's e-mail address may be obtained by an unauthenticated remote attacker...
Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 Advisory ID: SROEADV-2014-02 Author: Steffen Rösemann Affected Software: CMS Serendipity v.2.0-rc1 Release: 20th Dec 2014 Vendor URL: http://www.s9y.org/ Vendor Status: fixed CVE-ID: - Vulnerability...
Simple PHP Blog <= 0.4.0 - Remote Command Execution
No description provided by source. $Id: sphpblogfileupload.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
CVE-2007-0763
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field...