EUVD-2019-4962

Malware in sbrugna...

CVE-2020-20508

Shopkit v2.7 contains a reflective cross-site scripting XSS vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field...

CVE-2020-21357

A stored cross site scripting XSS vulnerability in /admin.php?mod=user=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...

Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit a form and put the following payload in the 'E-mail To' field: " The XSS will be...

CVE-2020-20508

Shopkit v2.7 contains a reflective cross-site scripting XSS vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field...

CVE-2020-21357

A stored cross site scripting XSS vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...

Cross site scripting

A stored cross site scripting XSS vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...

CVE-2020-21357

A stored cross site scripting XSS vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...

Cross site scripting

An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field;...

CVE-2019-13505

The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email1...

CVE-2019-10027

PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox aka E-mail field on the personal information screen...

NordVPN 6.19.6 - Denial of Service (PoC)

-- coding: utf-8 -- Exploit Title: NordVPN 6.19.6 - Denial of Service PoC Date: 07/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://nordvpn.com/ Software Link: https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Version: 6.19.6 Tested on: Windows 10 Proof of...

CVE-2006-0075

Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field mail variable in a new message, which is written to a PHP file...