Cross site scripting
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...
CVE-2018-11486
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...
CVE-2016-10552
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol...
CVE-2016-10548
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function...
Information disclosure
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol...
CVE-2016-10552
CVE-2016-10552 affects the Ignite UI package: versions 0.0.5 and earlier download JavaScript and CSS resources over an insecure HTTP connection. The core issue is unencrypted resource loading, enabling an attacker with network access to intercept or modify content. The linked advisories corrobora...
CVE-2016-10548
CVE-2016-10548 affects the Node.js module reduce-css-calc (versions
Regular Expression Denial Of Service (ReDoS)
clean-css is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists due to the use of a vulnerable regex pattern where using it to match a malicious string could result in a ReDoS attack...
PaulPrinting CMS Printing 1.0 - SQL Injection
Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...
Reverb.com: XSS in buying and selling pages, can create spoofed content (false login message)
Previously this issue was resolved at another location in report 351376. After spending more time searching the website, I found additional areas where this problem persists: https://sandbox.reverb.com/my/buying/orders?query= https://sandbox.reverb.com/my/selling/listings?query=...
CVE-2015-1503
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to...
Yamot - Yet Another MOnitoring Tool
yamot is a web-based server-monitoring tool built for small environments with just a handful of servers. It needs minimal resources, which allows it to run on almost every machine, including very old ones. It works best with Linux or BSD. Windows is not part of the server scope. You could use it...
[SECURITY] Fedora 28 Update: roundcubemail-1.3.6-1.fc28
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Microsoft Edge CSS var Function Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of t...