7 matches found

Huntr
added 2022/04/30 1:51 a.m., 10 views

Cross-site Scripting (XSS) - Stored

Description: I am able to bypass the fix in the report https://huntr.dev/bounties/4f7be1e2-b844-4def-af9f-136dcce1c349/ which caused the XSS vulnerability. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page...

AI score: 6.1
Exploits: 0
Huntr
added 2022/04/27 4:26 a.m., 13 views

Cross-site Scripting (XSS) - Stored via htm file upload

Description: rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an htm file with the javascript code inside. Proof-of-Concept: phish.htm Test Upload File Test upload alert1 Steps to reproduce: From attacker side student 1. Login to the demo environment by student...

AI score: 6.1
Exploits: 0
Huntr
added 2022/04/27 3:47 a.m., 147 views

Cross-site Scripting (XSS) - Stored via xHTML file upload

Description: rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an xHTML file with the javascript code inside. Proof of Concept: phish.xhtml alertdocument.domain; Steps to reproduce: From attacker side student 1. Login to the demo environment by student account...

AI score: 0.5
Exploits: 0
Huntr
added 2022/04/26 8:18 a.m., 25 views

Cross-site Scripting (XSS) - Stored via HTML file upload

Description: rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an HTML file with the javascript code inside. Proof-of-Concept: phish.html Test Upload File Test upload alert1 Steps to reproduce: From attacker side student 1. Login to the demo environment by student...

AI score: 6
Exploits: 0
Huntr
added 2021/11/27 7:06 a.m., 11 views

Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis

Description: I found XSS in the file upload function of the message function. Proof of Concept: Step 1. First, access the latest version of the demo environment. "Https://www.rosariosis.org/demonstration/index.php" 2. Then log in with your student account. Student: username and password “student“...

CVSS: 4.9, AI score: 5.7, EPSS: 0.00348
Exploits: 1, References: 2
Akamai Blog
added 2018/05/02 2:27 p.m., 16 views

How to Make Your Demo Environment Easy, Accessible...AND Secure

A common misconception I've heard in the field is that a tradeoff exists between easy access for applications and network security. For example, companies want to allow their sales team, partners, and prospects access into demo environments. With traditional access solutions, there is a question ...

AI score: 0.6
Exploits: 0
Packet Storm
added 2018/03/22 12:00 a.m., 32 views

Domaintrader 2.5.3 Cross Site Scripting

Domaintrader v.2.5.3 Cross-Site Scripting, 6th of February, 2018. Found by Uladzislau Murashka - https://sm0k3.net Vendor homepage: www.smartscriptsolutions.com Software link: http://www.smartscriptsolutions.com/domain-trader/ Version of local application copy: 2.5.2 but valid also for 2.5.3...

AI score: 7.1
Exploits: 0