46 matches found
Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...
CVE-2021-2404
Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft component: e-mail notification. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload)
It has been discovered that the extension "Drag Drop Mass Upload" ameosdragndropupload is susceptible to Cross-Site Scripting, Cross-Site Request Forgery and Improper Access Control. Release Date: December 15, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3...
Multiple Vulnerabilities in Draytek Vigor 2130
VIGOR 2130 firmware 1.5.4.9 1.1. Command injection in traceroute functionality A user can execute arbitrary commands RCE on the router by abusing the traceroute functionality. The interface expects an IP address as input, but does not validate the input. Just provide the input: ; id The above...
Unfixed XSS vulnerability at www.sernin-immobilier.com
Security researcher Atmon3r, has submitted on 30/01/2012 a cross-site-scripting XSS vulnerability affecting www.sernin-immobilier.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/02/2012. It is...
Unfixed XSS vulnerability at www.vokrugsveta.ru
Security researcher Atmon3r, has submitted on 17/12/2011 a cross-site-scripting XSS vulnerability affecting www.vokrugsveta.ru, which at the time of submission ranked 29109 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 18/12/2011. It is...
Unfixed XSS vulnerability at www.eicesi.fr
Security researcher warvector, has submitted on 17/03/2011 a cross-site-scripting XSS vulnerability affecting www.eicesi.fr, which at the time of submission ranked 1711715 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is...
Unfixed XSS vulnerability at webint.oi.net.br
Security researcher Brenn0, has submitted on 09/08/2010 a cross-site-scripting XSS vulnerability affecting webint.oi.net.br, which at the time of submission ranked 87414 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/11/2011. It is currentl...
Unfixed XSS vulnerability at www.biomedcentral.com
Security researcher nullbyt3, has submitted on 28/07/2010 a cross-site-scripting XSS vulnerability affecting www.biomedcentral.com, which at the time of submission ranked 24891 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/12/2011. It is...
Unfixed XSS vulnerability at www.icomplaints.in
Security researcher Th3 RDX, has submitted on 01/07/2010 a cross-site-scripting XSS vulnerability affecting www.icomplaints.in, which at the time of submission ranked 204926 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/07/2010. It is...
Unfixed XSS vulnerability at newweb.syups.tp.edu.tw
Security researcher Xylitol, has submitted on 10/01/2009 a cross-site-scripting XSS vulnerability affecting newweb.syups.tp.edu.tw, which at the time of submission ranked 14852 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/12/2011. It is...
Unfixed XSS vulnerability at www.istanbulindeks.com
Security researcher Dark.Man, has submitted on 15/08/2009 a cross-site-scripting XSS vulnerability affecting www.istanbulindeks.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/07/2010. It is...
Unfixed XSS vulnerability at www.metamorphosis.org.mk
Security researcher www.intelcomms.net, has submitted on 17/02/2009 a cross-site-scripting XSS vulnerability affecting www.metamorphosis.org.mk, which at the time of submission ranked 3955945 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Unfixed XSS vulnerability at www.la-villette.be
Security researcher Mystick, has submitted on 18/01/2009 a cross-site-scripting XSS vulnerability affecting www.la-villette.be, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/01/2009. It is currently...
Unfixed XSS vulnerability at www.lotosgdansk.pl
Security researcher asirr, has submitted on 26/12/2008 a cross-site-scripting XSS vulnerability affecting www.lotosgdansk.pl, which at the time of submission ranked 382504 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/07/2009. It is...
Unfixed XSS vulnerability at www.leboost.com
Security researcher Zeryus, has submitted on 12/05/2008 a cross-site-scripting XSS vulnerability affecting www.leboost.com, which at the time of submission ranked 95807 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/06/2008. It is currently...
Unfixed XSS vulnerability at www.smethailand.com
Security researcher Hanno Boeck, has submitted on 11/06/2008 a cross-site-scripting XSS vulnerability affecting www.smethailand.com, which at the time of submission ranked 2221554 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/06/2008. It i...
Unfixed XSS vulnerability at www.sancarweb.com
Security researcher 1923Turk, has submitted on 17/07/2008 a cross-site-scripting XSS vulnerability affecting www.sancarweb.com, which at the time of submission ranked 1677813 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/09/2008. It is...
Unfixed XSS vulnerability at stores.musictoday.com
Security researcher Genocide, has submitted on 22/05/2008 a cross-site-scripting XSS vulnerability affecting stores.musictoday.com, which at the time of submission ranked 7320 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/06/2008. It is...
Unfixed XSS vulnerability at www.dagenshoroskop.nu
Security researcher Uber0n, has submitted on 19/05/2008 a cross-site-scripting XSS vulnerability affecting www.dagenshoroskop.nu, which at the time of submission ranked 1075080 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/05/2008. It is...