5 matches found
File upload filter bypass leading to stored XSS
Description A User can upload .a-zhtml file e.g. ahtml, bhtml, chtml, ddhtml, AS LONG AS it ends with html with XSS payload. Upon upload, a URL with malicious html can be accessed and javascript will be executed. Proof of Concept taking chtml as example Step 1 Login to the demo portal with admin...
File upload filter bypass leading to stored XSS
Description A User Can uplaod .cshtml file with XSS payload. Proof of Concept Login to the demo portal with admin creds at https://demo.microweber.org/demo/admin/ Navigate to page create functionality at https://demo.microweber.org/demo/admin/page/create Select the picture upload request in burp...
Cross-site Scripting (XSS)
org.apache.portals.pluto.demo:v3-demo-portlet is vulnerable to cross-site scripting XSS. The library does not properly escape the user input parameters in UrlTestPortlet, allowing a remote attacker to inject and execute malicious javascript...
[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart
============================================= INTERNET SECURITY AUDITORS ALERT 2012-001 - Original release date: November 8th, 2012 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2013-3831...
basiccms-xss.txt
--------------------------------------------------------- Portal Name: Basic Cms Vendor : http://basic-cms.de Author : PouyaServer , [email protected] Vulnerability : XSS --------------------------------------------------------- XSS: http://site.com/pages/index.php?q=alert1369...