WBCE CMS 1.6.1 - Open Redirect & CSRF Vulnerability
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...
WBCE CMS 1.6.1 - Open Redirect & CSRF
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...
The vulnerability of the Go programming language, related to errors in processing special symbols "<>" in CSS contexts, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to errors in processing special symbols "<>" within CSS contexts. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-2482
The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin...
Sql injection
The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin...
CVE-2023-2482
The CVE-2023-2482 entry concerns the Responsive CSS EDITOR WordPress plugin (
CVE-2023-2482 Responsive CSS EDITOR <= 1.0 - Admin+ SQLi
The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin...
WordPress plugin Responsive CSS EDITOR SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
SUSE CVE-2019-25136
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox 70...
CVE-2019-25136
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox 70...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 70, which stems from the possibility that an infected child process may inject XBL bindings into privileged CSS rules, leading to...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to CSS injection due to Swagger UI (CVE-2019-17495)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability of CSS injection flaw bundled with Swagger UI. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using t...
projectSend r1605 - Stored XSS
Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...
golang: html/template: improper sanitization of CSS values
A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if...
rockreport.de Cross Site Scripting vulnerability OBB-3422426
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-209)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-209 advisory. html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a...