Mail.ru: "😂" + Unauthenticated Stored XSS in API at https://api.my.games/comments/v1/comments/update/

Crossite scripting in community.my.games via post comments due to incomplete fix for 848732 I have been working on this issue for 2 hours and over 300 fails. Finally, I could exploit with a very exotic XSS payload. Payload with an emoji a little trick: %F0%9F%98%82!--😂//=...

Mail.ru: Stored XSS in api.icq.net

Crossite scripting in api.icq.net domain. icq.net is considered as a sandbox domain, it does not use HTTP authentication or cookies, but XSS could be used to facilitate phishing attack...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

ZTE Callisto 821+ ADSL router security vulnerabilities

Crossite scripting, crossite request forgery...

owncloud multiple security vulnerabilities

Code execution, authentication bypass, information disclosure, crossite scripting, DoS...

EMC RSA Archer GRC multiple seucurity vulnerabilities

Restrictions bypass, crossite scripting, information disclosure...

Tenda routers crossite scripting

Crossite scripting in web interface...

Microsoft Lync Server / Skype for Business crossite scripting

Multiple crossite scripting possibilities...

EMC RSA Identity Management & Governance crossite scripting

No description provided...

Synology Download Station crossite scripting

Few crossite scripging possibilities...

Trend Micro Deep Discovery security vulnerabilities

Authentication bypass, crossite scripting...

Hawkeye-G XSS

Crossite scripting in web interface...

Linksys WAG120N crossite scripting

Crossite scripting in web interface...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

System Center Operations Manager crossite scripting

Crossite scripting in web interface...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

IBM Domino Web Server crossite scripting

No description provided...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Alcatel-Lucent OmniSwitch security vulnerabilities

Crossite scripting, session hijack...