19 matches found
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
CVE-2023-0868 Stealing Cookies using Reflected XSS via graph results
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are...
Stored XSS via file upload
Description Hello Team, \ This is a bypass to the report in https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5/. \ The upload feature allows the files with the extension .xxhtml which leads to Stored XSS. Proof of Concept filename="poc.xxhtml" alert1 Steps to Reproduce 1.Login into...
Cross-site Scripting (XSS) - Reflected
Description There is a Reflected cross site scripting issue chained using these endpoints: 1 /admin/content/0/edit 2 /apiqqalert1fca4/page Proof of Concept 1. Login to https://demo.microweber.org 2. Now visit https://demo.microweber.org/demo/admin/content/0/edit 3. Now open this url in same tab o...
GHSA-PH76-RHQQ-XJ7J Cross-site scripting in Crafter CMS Crafter Studio
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...
Revive Adserver: Reflected XSS on /admin/stats.php
Linked to the report https://hackerone.com/reports/1083376 I found a reflected XSS attack on /admin/stats.php. Revive-Adserver version is revive-adserver-5.1.1. This time I found the parameter statsBreakdown - Go to...
Baby Care System 1.0 - 'Post title' Stored XSS
Exploit Title: Baby Care System 1.0 - 'Post title' Stored XSS Exploit Author: Hardik Solanki Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...
CVE-2017-15686
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...
Cross site scripting
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...
LocalTapiola: Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite
Basic report information Summary: Reflected XSS vulnerability in https://www.lahitapiola.fi/cs/Satellite. Description: There exists a reflected XSS vulnerability in https://www.lahitapiola.fi/cs/Satellite?pagename=TAMaster/FWBlogAsset/FWNav. Value of query string parameter rendermode is not...
MyBB 1.8.13 - Cross-Site Scripting
Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in /install/index.php can lead to an XSS which...
ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------...
WordPress Cookie Flaw Lets Hackers Hijack Your Account
Do you own a blog on WordPress.com website? If Yes, then you should take some extra cautious while signing into your Wordpress account from the next time when connected to public Wi-Fi, because it can be hacked without your knowledge, even if you have enabled two-factor authentication. Yan Zhu, a...
MiniTwitter 0.3 Beta SQL Injection
------------------------------------------------------------ MULTIPLE REMOTE VULNERABILITIES --MiniTwitter ------------------------------------------------------------ CMS INFORMATION: --WEB: http://mt.bioscriptsdb.com/ --DOWNLOAD: http://sourceforge.net/projects/minitt/ --DEMO:...
CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES-->
-------------------------------------------------------------- CLAN TIGER CMS MULTIPLE COOKIES HANDLING VULNERABILITIES -------------------------------------------------------------- CMS INFORMATION: --WEB: http://www.clantiger.com --DOWNLOAD: http://www.clantiger.com/download-clan-cms --DEMO:...
webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH! -------------------...
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH!...
webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability
Exploit for unknown platform in category web applications =============================================================== webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability ===============================================================...
webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing
|| || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH! ---------------------------------------------------------------------------------------------- | XSS BYPASS...