Lucene search
K

3539 matches found

exploitpack
exploitpack
added 2010/04/03 12:0 a.m.12 views

Flatpress 0.909.1 - Persistent Cross-Site Scripting

Flatpress 0.909.1 - Persistent Cross-Site Scripting Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2010/04/03 12:0 a.m.31 views

Flatpress 0.909.1 - Persistent Cross-Site Scripting

Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability32.htm Thanks:...

7.4AI score
Exploits0
Prion
Prion
added 2010/03/26 6:30 p.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors...

4.3CVSS6.1AI score0.01073EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2010/03/26 6:0 p.m.63 views

CVE-2009-4505

CVE-2009-4505 concerns the OpenCMS OAMP Comments Module (v1.0.0). The vulnerability arises from unfiltered user input being reflected in comments, enabling cross-site scripting (XSS) across visitors. The Compass Security advisory details exploitability and shows the impact as potential impersonat...

4.3CVSS5.8AI score0.01073EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2010/03/25 5:30 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...

3.5CVSS5.7AI score0.01005EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2010/03/25 5:0 p.m.19 views

CVE-2010-1107

Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...

5.3AI score0.01005EPSS
Exploits0References6
CVE
CVE
added 2010/03/25 5:0 p.m.45 views

CVE-2010-1107

The CVE-2010-1107 entry concerns a Cross-site Scripting (XSS) vulnerability in Drupal’s Recent Comments module for versions 5.x (up to 5.x-1.2) and 6.x (up to 6.x-1.0). The underlying issue allows remote authenticated users to inject arbitrary web script or HTML via the “custom block title interf...

3.5CVSS5.5AI score0.01005EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2010/03/24 12:0 a.m.65 views

CVE-2009-4505 OpenCMS OAMP Comments Module XSS

COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2009-4505 Product: OpenCMS OAMP Comments Module Vendor: Open Source, Alkacon GmbH Cologne, Germany Subject: Cross-site scripting XSS Risk: High Effect: Anonymously exploitable Author: Cyrill Brunschwiler [email protected] Date:...

4.3CVSS0.3AI score0.01073EPSS
Exploits1
Packet Storm
Packet Storm
added 2010/03/16 12:0 a.m.26 views

CSICE Cross Site Request Forgery / Cross Site Scripting

http://www.csice.org/ Suffers from XSS and CSRF cross site scripting and cross site request forgery attacks. The vulnerability lies in the Post comment filelds in the following page move to this page 'only for authenticated user' http://www.csice.org/student/subjects.html and choose a subject and...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/02/25 12:0 a.m.27 views

Article Friendly Local File Inclusion

======================================================================= Article friendly Insecure direct object Referece Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2010/02/23 12:0 a.m.27 views

Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)

Tinypug 0.9.5 - Cross-Site Request Forgery Password Change www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation...

0.8AI score
Exploits0
Prion
Prion
added 2010/02/22 9:30 p.m.10 views

Sql injection

SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...

7.5CVSS9AI score0.00971EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2010/02/22 9:30 p.m.18 views

CVE-2009-4650

SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...

7.5CVSS8.3AI score0.00971EPSS
Exploits1References4
NVD
NVD
added 2010/02/22 9:30 p.m.20 views

CVE-2009-4651

Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...

4.3CVSS5.8AI score0.01178EPSS
Exploits1References2
Prion
Prion
added 2010/02/22 9:30 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...

4.3CVSS6.1AI score0.01178EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2010/02/22 9:0 p.m.48 views

CVE-2009-4650

The CVE covers a SQL injection vulnerability in the Joomla! extension Webee Comments (com_webeecomment) , affecting versions 1.1.1, 1.2, and 2.0 . The flaw allows remote attackers to inject arbitrary SQL via the articleId parameter in the default action to index2.php , enabling execution of arbit...

7.5CVSS8.7AI score0.00971EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2010/02/22 9:0 p.m.48 views

CVE-2009-4651

CVE-2009-4651 affects Joomla! through the Webee Comments (com_webeecomment) component versions 1.1.1, 1.2, and 2.0. The root cause is cross-site scripting (XSS) in the way BBCode tags (color, img, url) are processed, allowing remote attackers to inject arbitrary script or HTML via unspecified vec...

4.3CVSS5.9AI score0.01178EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2010/02/22 9:0 p.m.25 views

CVE-2009-4651

Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...

5.8AI score0.01178EPSS
Exploits1References2
Cvelist
Cvelist
added 2010/02/22 9:0 p.m.26 views

CVE-2009-4650

SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...

8.3AI score0.00971EPSS
Exploits1References4
exploitpack
exploitpack
added 2010/01/22 12:0 a.m.21 views

KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery

KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery ----------------------------------------------------------------------------------------------- Title: KosmosBlog 0.9.3 SQLi/XSS/CSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com...

0.7AI score
Exploits0
Rows per page
Query Builder