171 matches found
CVE-2022-29890
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link...
[SECURITY] Fedora 36 Update: powerline-go-1.21.0-4.fc36
A Powerline like prompt for Bash, ZSH and Fish. - Shows some important details about the git/hg branch - Changes color if the last command exited with a failure code - If you're too deep into a directory tree, shortens the displayed path with an ellipsis - Shows the current Python virtualenv...
CVE-2021-33851
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
CVE-2021-33851
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
WordPress Plugin 跨站脚本漏洞
WordPress plugin is a WordPress open source application plugin. WordPress Customize Login Image Plugin version 3.4 contains a cross-site scripting vulnerability that can be exploited by attackers to cause arbitrary code JavaScript to run when a user's browser connects to a trusted website...
CVE-2021-33851
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
WordPress plugin WP Customize Login 'Change Logo Title' cross-site scripting vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up websites on servers supporting PHP and MySQL databases, and can also be used as a content management system CMS. cross-site scripting vulnerability exists in the WordPress plugin WP Customize Login 'Change Log...
WordPress WP Customize Login 1.1 Plugin - (Change Logo Title) Stored Cross-Site Scripting Vulnerabil
Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1. Install WordPress...
WordPress WP Customize Login 1.1 Cross Site Scripting
Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...
WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...
CVE-2020-35856
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...
Cross site scripting
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...
CVE-2020-35856
SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page...
CVE-2020-35856
SolarWinds Orion Platform ≤ 2020.2.4 is affected by CVE-2020-35856, a stored cross-site scripting (XSS) vulnerability that exists on the Customize View page and requires an Orion administrator account to exploit. The issue is associated with the add custom tab within the Customize View page, enab...
Solarwinds Orion Platform 跨站脚本漏洞
SolarWinds Orion Platform is a comprehensive bandwidth performance management and fault management application that lets you view real-time statistics about your network directly from your Web browser. A stored cross-site scripting vulnerability exists in SolarWinds Orion Platform versions prior ...
Ivory Search < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)
The setting page of Ivory Search 4.5.10 is vulnerable to reflected XSS when a logged in administrator visit a malicious link or page, as it does not sanitise or escape the GET post parameter before outputting it in a tag attribute As an admin user, open:...
WPCracker - WordPress User Enumeration And Login Brute Force Tool
WordPress user enumeration and login Brute Force tool for Windows and Linux With the Brute Force tool, you can control how aggressive an attack you want to perform, and this affects the attack time required. The tool makes it possible to adjust the number of threads as well as how large password...
How to Customize the VSPC Welcome Email
Purpose This article documents how to customize the Welcome emails sent out by Veeam Service Provider Console. Solution Requirements and Considerations for Modifying the Welcome Email Template File To modify the Welcome email template file effectively, proficiency in XML, HTML, and XSLT is...
bbPress Login Register Links On Forum Topic Pages <= 2.7.5 - CSRF to Stored XSS
Lack of CSRF checks in the plugin's settings allow arbitrary change of the settings, which can also lead to stored XSS issues. The payload below will result in a stored XSS in the 'Style Customize' page. " /...
Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests
This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite Scanner, Intruder, Repeater, Proxy History and also you can choose whatever HTTP VERB what do you want to customize. Usage Easy to use ! : Don't forget to click save button ! Changelog 24...