Lucene search
K

19 matches found

Cvelist
Cvelist
added 2023/08/02 12:0 a.m.20 views

CVE-2023-26316

A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...

6.1AI score0.00309EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/23 2:46 p.m.43 views

CVE-2023-0868 Stealing Cookies using Reflected XSS via graph results

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are...

6.7CVSS6.5AI score0.00442EPSS
Exploits0References2
Huntr
Huntr
added 2022/03/13 6:54 a.m.19 views

Stored XSS via file upload

Description Hello Team, \ This is a bypass to the report in https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5/. \ The upload feature allows the files with the extension .xxhtml which leads to Stored XSS. Proof of Concept filename="poc.xxhtml" alert1 Steps to Reproduce 1.Login into...

3.5CVSS5.6AI score0.00631EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 6:3 a.m.22 views

Cross-site Scripting (XSS) - Reflected

Description There is a Reflected cross site scripting issue chained using these endpoints: 1 /admin/content/0/edit 2 /apiqqalert1fca4/page Proof of Concept 1. Login to https://demo.microweber.org 2. Now visit https://demo.microweber.org/demo/admin/content/0/edit 3. Now open this url in same tab o...

3.5CVSS0.8AI score0.009EPSS
Exploits1
OSV
OSV
added 2022/02/09 11:8 p.m.31 views

GHSA-PH76-RHQQ-XJ7J Cross-site scripting in Crafter CMS Crafter Studio

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...

6.1CVSS6.1AI score0.01038EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/02/06 3:7 p.m.89 views

Revive Adserver: Reflected XSS on /admin/stats.php

Linked to the report https://hackerone.com/reports/1083376 I found a reflected XSS attack on /admin/stats.php. Revive-Adserver version is revive-adserver-5.1.1. This time I found the parameter statsBreakdown - Go to...

4.3CVSS2.7AI score0.3633EPSS
Exploits1
Exploit DB
Exploit DB
added 2021/01/05 12:0 a.m.264 views

Baby Care System 1.0 - 'Post title' Stored XSS

Exploit Title: Baby Care System 1.0 - 'Post title' Stored XSS Exploit Author: Hardik Solanki Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...

7.4AI score
Exploits0
OSV
OSV
added 2020/11/27 6:15 p.m.12 views

CVE-2017-15686

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...

6.1CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2020/11/27 6:15 p.m.19 views

Cross site scripting

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...

4.3CVSS6.1AI score0.01038EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2018/01/01 8:16 p.m.34 views

LocalTapiola: Reflected XSS Vulnerability in https://www.lahitapiola.fi/cs/Satellite

Basic report information Summary: Reflected XSS vulnerability in https://www.lahitapiola.fi/cs/Satellite. Description: There exists a reflected XSS vulnerability in https://www.lahitapiola.fi/cs/Satellite?pagename=TAMaster/FWBlogAsset/FWNav. Value of query string parameter rendermode is not...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2017/11/11 12:0 a.m.31 views

MyBB 1.8.13 - Cross-Site Scripting

Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in /install/index.php can lead to an XSS which...

5.4CVSS5.5AI score0.01581EPSS
Exploits4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.36 views

ClanTiger < 1.1.1 - Multiple Cookie Handling Vulnerabilities

No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2014/05/27 7:8 a.m.16 views

WordPress Cookie Flaw Lets Hackers Hijack Your Account

Do you own a blog on WordPress.com website? If Yes, then you should take some extra cautious while signing into your Wordpress account from the next time when connected to public Wi-Fi, because it can be hacked without your knowledge, even if you have enabled two-factor authentication. Yan Zhu, a...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2009/05/25 12:0 a.m.23 views

MiniTwitter 0.3 Beta SQL Injection

------------------------------------------------------------ MULTIPLE REMOTE VULNERABILITIES --MiniTwitter ------------------------------------------------------------ CMS INFORMATION: --WEB: http://mt.bioscriptsdb.com/ --DOWNLOAD: http://sourceforge.net/projects/minitt/ --DEMO:...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/04/18 12:0 a.m.69 views

CLAN TIGER CMS--MULTIPLE COOKIES HANDLING VULNERABILITIES--&gt;

-------------------------------------------------------------- CLAN TIGER CMS MULTIPLE COOKIES HANDLING VULNERABILITIES -------------------------------------------------------------- CMS INFORMATION: --WEB: http://www.clantiger.com --DOWNLOAD: http://www.clantiger.com/download-clan-cms --DEMO:...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2009/04/17 12:0 a.m.417 views

webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability

No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH! -------------------...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/04/16 12:0 a.m.70 views

webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability

Exploit for unknown platform in category web applications =============================================================== webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability ===============================================================...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/04/16 12:0 a.m.2342 views

webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing

|| || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH! ---------------------------------------------------------------------------------------------- | XSS BYPASS...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2009/04/16 12:0 a.m.331 views

webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing

webSPELL 4.2.0c - Bypass BBCode Cross-Site Scripting Cookie Stealing || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O PROUD TO BE SPANISH!...

0.1AI score
Exploits0
Rows per page
Query Builder