32 matches found
EUVD-2026-29056
Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...
CVE-2026-3319
Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...
CVE-2026-3320 Multiple vulnerabilities in Cradle e-commerce
Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...
CVE-2026-3320 Multiple vulnerabilities in Cradle e-commerce
Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...
CVE-2026-3319
CVE-2026-3319: Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-supplied input is insecurely reflected in HTML output at the /collection/ endpoint, enabling arbitrary JavaScript execution. CVSSv4.0 base score 5.1 (Medium) with network attack v...
CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce
Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...
CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce
Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...
CVE-2026-3318
Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection because the web application accepts a URL as a parameter without properly validating it. As a result,...
📄 INDAMED - MEDICAL OFFICE Demo Version Privilege Escalation / Default Credentials
INDAMED - MEDICAL OFFICE demo version revision 18544 II/20224 suffers from local privilege escalation and default credential vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation a...
Cross Site Scripting in Open Web Analytics on most statistics related pages
Description The makeJson method within the owatemplate class generates a JSON string in an unsafe manner. This method is utilized within the report.tpl file, where it receives parameters from the URL and generates a JSON string using them without properly sanitizing. Proof of Concept The...
Improper Input Validation
Description Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. When software does not validate input properly, an attacker is able to cra...
RealFlex RealWin Vulnerabilities
Overview This ICS-CERT Advisory is a follow-up to the ICS-CERT Alert titled, “ICS-ALERT-11-080-04—Multiple Vulnerabilities in RealFlex RealWin.” An independent researcher has published exploit code for seven vulnerabilities identified in RealFlex Technologies’ RealWin 2.1.10 Demo Supervisory...
Calibre Companion Demo Version - Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Calibre Companion Demo Version published at the 'play' market has multiple vulnerabilities...
bloofoxCMS 0.5.0 Cross Site Scripting
Affected software: bloofox cms Type of vulnerability:xss URL:bloofox.com Discovered by: provensec Website: provensec.com version: 0.5.0 Proof of concept http://demo.bloofox.com/admin/index.php?mode=content&page=media&action=edit&file=%22%3E%3Cimg%20src=d%20onerror=confirm1;%3E&type=1%27...
Free File Hosting System 1.1 register.php AD_BODY_TEMP Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23118/info Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
SWsoft Plesk Reloaded 7.1 - Login_name Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11024/info It is reported that Plesk Reloaded may be affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permi...
INFINICART sendpassword.asp email Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit ...
ChatBlazer Flash Chat Cross Site Scripting
Exploit Title: ChatBlazer Flash Chat Cross Site Scripting Date: 19.04.2012 Author: Sony Software Link: www.chatblazer.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/04/chatblazer-flash-chat-cross-site.html...
World Of Warcraft Denial Of Service
!/usr/bin/perl Exploit Title: World Of Warcraft Local Stack Overflow Dos Exploit chat-cache.txt Date: 04/09/2011 Author: BSOD Digital Fabien DROMAS Other details:"Code Exec" Exploit in analysis. Tests: OS: Windows 7 Versions: burning crusade,cataclism, Demo Version. Path: world of warcraft WTF...
World Of Warcraft - chat-cache.txt Local Stack Overflow Denial of Service
World Of Warcraft - chat-cache.txt Local Stack Overflow Denial of Service !/usr/bin/perl Exploit Title: World Of Warcraft Local Stack Overflow Dos Exploit chat-cache.txt Date: 04/09/2011 Author: BSOD Digital Fabien DROMAS Other details:"Code Exec" Exploit in analysis. Tests: OS: Windows 7 Version...