26 matches found
EUVD-2020-24141
Malware in sbrugna...
EUVD-2024-44807
Malicious code in bioql PyPI...
EUVD-2025-14181
Malicious code in bioql PyPI...
CVE-2021-35238
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website...
Malicious code in bytedmemfdd345 (PyPI)
Source: kam193 19705d4db8178a4b1dd1282ded6d73256dc10b22125280c241524ec3e9e274af During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably n...
GHSA-3VHM-Q4W3-RW8Q OroPlatform Forced Redirect to External Website
OroPlatform is prone to open redirection which could allow attackers to redirect users to external website...
OroCRM Forced Redirect to External Website
OroCRM is prone to open redirection which could allow attackers to redirect users to external website...
GHSA-V8HP-239V-9367 OroCRM Forced Redirect to External Website
OroCRM is prone to open redirection which could allow attackers to redirect users to external website...
PT-2024-40470 · Orocrm · Orocrm
Name of the Vulnerable Software and Affected Versions: OroCRM affected versions not specified Description: The issue allows attackers to redirect users to an external website due to open redirection. Recommendations: At the moment, there is no information about a newer version that contains a fix...
PT-2024-40056 · Unknown · Oroplatform
Name of the Vulnerable Software and Affected Versions: OroPlatform affected versions not specified Description: The issue allows attackers to redirect users to an external website due to open redirection. Recommendations: At the moment, there is no information about a newer version that contains ...
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Vulnerability
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site to be iframed...
Thinfinity VirtualUI 2.5.41.0 IFRAME Injection
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...
Solarwinds Orion Platform Cross-Site Scripting Vulnerability
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, as well as support for customized web interfaces, multiple user comments, and map-based views of the entire...
in froxlor/froxlor
✍️ Description The login form POST request can be hijacked so that the credentials will be sent to an external website, by modifying the login page URL. 🕵️‍♂️ Proof of Concept Change the login page URL to https://mydomain.com/index.php/evilsite.com Then the form action in the webpage will be...
Cross site scripting
The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant...
ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)
The ReDi Restaurant Reservations plugin provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to ma...
Code injection
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and...
Quick Page/Post redirect < 5.2.0 - Authenticated Settings Update
A lack of capability check and a weak security nonce could allow a low-privileged user such as a contributor to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website. Redirections are performed via the 'Location' header...
Lyst: [https://█████████/]&&[https://█████████/] Open Redirection
Summary Hi Team, An attacker can redirect victim on an external website using https://████/account/login endpoint because next parameter is not being validated properly. Affected URL https://███/account/login/?next=///////////////////////////evil.com Steps to Reproduce 1 Go...
megane2.by Open Redirect vulnerability
Open Bug Bounty ID: OBB-271115

Description | Value
---|---
Affected Website: | megane2.by
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | Open Redirect / CWE-601
CVSSv3 Score: | 3.4...