Lucene search
+L

5 matches found

Huntr
Huntr
added 2022/03/11 11:10 a.m.25 views

File upload filter bypass leading to stored XSS

Description A User can upload .a-zhtml file e.g. ahtml, bhtml, chtml, ddhtml, AS LONG AS it ends with html with XSS payload. Upon upload, a URL with malicious html can be accessed and javascript will be executed. Proof of Concept taking chtml as example Step 1 Login to the demo portal with admin...

3.5CVSS5.2AI score0.00895EPSS
Exploits1
Huntr
Huntr
added 2022/03/09 6:40 p.m.16 views

File upload filter bypass leading to stored XSS

Description A User Can uplaod .cshtml file with XSS payload. Proof of Concept Login to the demo portal with admin creds at https://demo.microweber.org/demo/admin/ Navigate to page create functionality at https://demo.microweber.org/demo/admin/page/create Select the picture upload request in burp...

3.5CVSS0.00773EPSS
Exploits1References1
Veracode
Veracode
added 2022/01/07 10:36 a.m.18 views

Cross-site Scripting (XSS)

org.apache.portals.pluto.demo:v3-demo-portlet is vulnerable to cross-site scripting XSS. The library does not properly escape the user input parameters in UrlTestPortlet, allowing a remote attacker to inject and execute malicious javascript...

6.1CVSS4.7AI score0.02327EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.98 views

[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart

============================================= INTERNET SECURITY AUDITORS ALERT 2012-001 - Original release date: November 8th, 2012 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2013-3831...

5.5CVSS0.1AI score0.0095EPSS
Exploits1
Packet Storm
Packet Storm
added 2008/11/29 12:0 a.m.22 views

basiccms-xss.txt

--------------------------------------------------------- Portal Name: Basic Cms Vendor : http://basic-cms.de Author : PouyaServer , [email protected] Vulnerability : XSS --------------------------------------------------------- XSS: http://site.com/pages/index.php?q=alert1369...

7.4AI score
Exploits0
Rows per page
Query Builder