30 matches found
Nextcloud: Reflected Self-XSS Vulnerability in the Comment section of Files (Different-payloads)
Note::steps mentioned in report164027 In the Comments Box,the payload to execute XSS is passed. Test Payloads: alert1 Also the above payload is still working.. Also try this payload " fooalert1 Click edit comment after posted. XSS Triggers...
Beaker HTML Injection Vulnerability
Beaker is a suite of open source software used to manage and automate test computers in laboratories. Beaker in the processing of "edit comment" in the data lack of correct HTML escaping , allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code , when...
Plogger - Multiple Input Validation Vulnerabilities
Plogger - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/58271/info Plogger is prone to following input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data: 1. An SQL-injection vulnerability 2. Multiple cross-site scripting...
Design/Logic Flaw
TalkBack 2.3.14 does not properly restrict access to the edit comment feature comments.php, which allows remote attackers to modify comments...
CVE-2009-4874
CVE-2009-4874 affects TalkBack 2.3.14 where the edit comment feature (comments.php) does not correctly enforce access control, allowing remote modification of comments. The root cause is insufficient access restrictions on the edit-comment functionality. Documents do not provide a confirmed patch...
TalkBack 2.3.14 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =============================================== TalkBack 2.3.14 Multiple Remote Vulnerabilities =============================================== Download:http://scripts.oldguy.us/talkback/downloads2/talkback2.3.14.zip Script : talkback V...
DEBIAN-CVE-2008-3747
The 1 geteditpostlink and 2 geteditcommentlink functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie...
[SA18711] MediaWiki Edit Comment Formatting Denial of Service
TITLE: MediaWiki Edit Comment Formatting Denial of Service SECUNIA ADVISORY ID: SA18711 VERIFY ADVISORY: http://secunia.com/advisories/18711/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: MediaWiki 1.x http://secunia.com/product/2546/ DESCRIPTION: A vulnerability has been...
DEBIAN-CVE-2006-0322
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service infinite loop via "certain malformed links."...
CVE-2006-0322
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service infinite loop via "certain malformed links."...