Quixplorer 2.4.1 Beta Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Reflected XSS in quixplorer-2.4.1beta Google Dork: intitle:"My Download Server" Exploit Author: Adriano Marcio Monteiro @adrianomarcmont Exploit Author Site: https://www.brztec.com Exploit Author E-mail: email protected Vendor...

X (Formerly Twitter): Tracking of users on third-party websites using the Twitter cookie, due to a flaw in authenticating image requests

Summary: As part of our SoftwareLab@TU Darmstadt latest research project, we discovered a privacy-related vulnerability in multiple high-profile websites, including Twitter. An attacker exploiting this vulnerability can identify a user of your website while the user visits an attacker-controlled...

Atlassian Jira < 4.1.1 Multiple Vulnerabilities

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 4.1.1. It is, therefore, potentially affected by multiple vulnerabilities : - Remote authenticated attackers can exploit the privilege-escalation issue to gain SYSTEM-level...

WordPress Propertyhive 1.4.14 Cross Site Scripting Vulnerability

WordPress Propertyhive plugin version 1.4.14 suffers from a cross site scripting vulnerability. WordPress Propertyhive 1.4.14 Cross Site Scripting Vulnerability Vulnerable Propertyhive 1.4.14 Propertyhive is prone to a stored cross-site scripting vulnerability because it fails to sufficiently...

WordPress Propertyhive 1.4.14 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Propertyhive 1.4.14 Propertyhive is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in...

WordPress Cross-Site Scripting Vulnerability (CNVD-2018-03957)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress version 4.9.2, which can be exploited by an attacker to steal...

PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Zomato: [https://reviews.zomato.com] Time Based SQL Injection

@samengmg found an cookie based SQL injection on https://reviews.zomato.com. I noticed that two cookies were submitted during a request during the login page of https://reviews.zomato.com orange squeeze Due to the oddly named cookies, I decided to fuzz them. Eventually, I discovered both are...

WordPress Itinerary 1.0.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Itinerary 1.0.0 Itinerary is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script...

WordPress Itinerary 1.0.0 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Itinerary 1.0.0 Itinerary is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

WordPress Yakadanda Google+ Hangout Events 0.3.7 XSS Vulnerability

WordPress Yakadanda Google+ Hangout Events plugin version 0.3.7 suffers from a cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable Yakadanda Google+ Hangout Events 0.3.7 Yakadanda Google+ Hangout Events is prone to a stored cross-site scripting vulnerability because it fails to...

WordPress Share This Image 1.03 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Share This Image 1.03 Share This Image is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

WordPress Share This Image 1.03 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Share This Image 1.03 Share This Image is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script co...

WordPress Yakadanda Google+ Hangout Events 0.3.7 XSS

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Yakadanda Google+ Hangout Events 0.3.7 Yakadanda Google+ Hangout Events is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...

WordPress Placemarks 2.0.0 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Placemarks 2.0.0 Placemarks is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS Vulnerability

WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable SagePay Server Gateway for WooCommerce 1.0.7 SagePay Server Gateway for WooCommerce is prone to a stored cross-site scripting...

WordPress Pinterest Badge 1.8.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Pinterest Badge 1.8.0 Pinterest Badge is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting

Title: WordPress Qiniu Cloudtuchuang a,caoa3/4ao 1.8 Cross Site Scripting File: Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Qiniu Cloudtuchuang a,caoa3/4ao 1.8 Qiniu Cloudtuchuang a,caoa3/4ao is prone to a stored cross-site scripting vulnerability because it fails to...

WordPress Crowd Ideas 1.0 Cross Site Scripting Vulnerability

WordPress Crowd Ideas plugin version 1.0 suffers from a cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable Crowd Ideas 1.0 Crowd Ideas is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...

WordPress WP Mailster 1.5.4.0 Cross Site Scripting Vulnerability

WordPress WP Mailster plugin version 1.5.4.0 suffers from a persistent cross site scripting vulnerability. Vulnerable WP Mailster 1.5.4.0 WP Mailster is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...