3 matches found
SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in one of the plugin's settings: "alert'XSS'; Affected files:...
Imgur: Persistent XSS in https://p.imgur.com/albumview.gif and http://p.imgur.com/imageview.gif / post statistics
In p.imgur.com/albumview.gif, a post paramater could be set containing html and javascript. This was not escaped properly and the code would be executed. The reporter used the following example URLs as a proof of concept https://p.imgur.com/albumview.gif?a=F78FO&r=https://community.imgur.com/aler...
CVE-2007-0769
Cross-site scripting XSS vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly...