4048 matches found
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager has a cross-site scripting vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication...
WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting XSS Date: 05/08/2022 Exploit Author: saitamang , yunaranyancat , syad Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version:...
WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting XSS Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...
Cross site scripting
HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...
Authcov - Web App Authorisation Coverage Scanning
Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...
BlueCMS SQL注入漏洞
BlueCMS is a content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in BlueCMS version 1.6, which stems from a SQL injection vulnerability in cooike...
ASUS RT-AX88U Cross-Site Scripting Vulnerability
ASUS RT-AX88U is a wireless router from ASUS China.The ASUS RT-AX88U has a security vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication credentials...
IBM Cognos Analytics 跨站脚本漏洞
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. IBM Cognos Analytics has a cross-site scripting vulnerability that could be exploited by an attacker to steal a victim's cookie-based authentication credentials...
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack 2022.1.43563 previously contained a security vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication credentials...
SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)
Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...
Input validation
Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...
WordPress Plugin PowerPack Addons for Elementor Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin PowerPack Addons for Elementor, which stems from the program failing to escape...
WordPress Plugin Booster for WooCommerce Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Booster for WooCommerce. The vulnerability stems from the program not filterin...
WordPress plugin LiteSpeed Cache cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin LiteSpeed Cache versions prior to 4.4.4. The vulnerability stems from the program...
Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation
The plugin does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...
phpKF CMS 3.00 Beta y6 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It is a very popula...
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...
GSEOR <= 1.3 - Authenticated SQL Injection
A pageid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=gseor.php&search=1&pageid=1%20AND%20SELECT%206449%20FROM%20SELECTSLEEP5wwdQ HTTP/1.1 Cache-Control: max-age=0...
NCH Quorum 跨站脚本漏洞
NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which could be exploited by attackers to steal cookie-based authentication credentials from victims...
Security Bulletin: A cross-site scripting vulnerability in JQuery affects IBM InfoSphere Information Server
Summary A cross-site scripting vulnerability in JQuery used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...