19 matches found
Multiple Stored XSS via mail parameter
Description: In phpMyFAQ, the mail parameter accepts unsanitized user input when a question is submitted, which leads to a stored XSS vulnerability that executes in the admin panel at /admin/?action=question. Proof of Concept: 1. Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 2. Fill ...
Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation
The plugin does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, which are available to any authenticated user. As a result, any user with a role as low as Subscriber could create FAQs and FAQ questions...
soojip.com XSS vulnerability
Vulnerable URL: http://www.soojip.com/callcenter/faqlist.php?stage=001=faq=...
sublet.com XSS vulnerability
Vulnerable URL: https://www.sublet.com/faq/faq.asp?mode=anywords=aa%22onfocus=prompt/OPENBUGBOUNTY/%20autofocus=x%20bad=%22

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 10.10.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 57809
VIP... |
news.allaboutjazz.com XSS vulnerability
Vulnerable URL: https://news.allaboutjazz.com/faq.php?=1"...
webcalcsolutions.com XSS vulnerability
Vulnerable URL: http://www.webcalcsolutions.com/FAQ.asp?HighLight=1"...
roverinstruments.com XSS vulnerability
Vulnerable URL: http://www.roverinstruments.com/faq.php?padrefaq=18=How+do+I+retrieve+the+credentials+%28Username+and+Password%29+to+access+the+%E2%80%9CUpdate+SW%E2%80%9D+area+=18KNOXSS

Details:

Description | Value
---|---
Patched: | Yes, at 27.11.2017
Latest check for patch: | 27.11.2017 09:02 GMT...
support.tridia.com XSS vulnerability
Vulnerable URL: https://support.tridia.com/faq/showfaq.php?faqid=338"'--!

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 29.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No
Check... |
icts.kuleuven.be XSS vulnerability
Vulnerable URL: http://icts.kuleuven.be/apps/faq/indexen.php?q=xss'"=Search=icts

Details:

Description | Value
---|---
Patched: | Yes, at 22.08.2017
Latest check for patch: | 22.08.2017 08:02 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
V... |
MaNGOSWebV4 cross-site scripting vulnerability (CNVD-2017-03504)
MaNGOSWeb is a World of Warcraft private server CMS. maNGOSWebV4 is one of the versions. A cross-site scripting vulnerability exists in the inc/admin/templatefiles/admin.faq.php page of MaNGOSWebV4. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...
milb.com XSS vulnerability
Vulnerable URL: http://www.milb.com/milb/info/faq.jsp?mc=";alert'OPENBUGBOUNTY';var x=//

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 8616
VIP website status: | Yes
Check milb.com... |
mywot.com XSS vulnerability
Vulnerable URL: https://www.mywot.com/en/faq'%22alert'OPENBUGBOUNTY'...
d2w.asia XSS vulnerability
Vulnerable URL: http://www.d2w.asia/faq.php?lang=en"

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 15775912
VIP website status: | No
Check d2w.asia SSL connection: | Grade: F...
emersoncommunityassociation.com XSS vulnerability
Vulnerable URL: http://emersoncommunityassociation.com/FAQcategorylist.asp?groupName=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E=2

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | ...
CyberCMS Remote SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: CyberCMS Remote SQL Injection Vuln. Date: 26/11/2009 Author: hc0de | hc0de.blogspot.com Software...
Unfixed XSS vulnerability at www.wananchi.com
Security researcher 444Team submitted on 10/02/2009 a cross-site scripting (XSS) vulnerability affecting www.wananchi.com, which at the time of submission ranked 312433 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/07/2009. It is...
Unfixed XSS vulnerability at www.norlandprod.com
Security researcher Mystick submitted on 01/02/2009 a cross-site scripting (XSS) vulnerability affecting www.norlandprod.com, which at the time of submission ranked 2571907 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/02/2009. It is...
Unfixed XSS vulnerability at www.roomft.com
Security researcher SaMTHG submitted on 12/10/2008 a cross-site scripting (XSS) vulnerability affecting www.roomft.com, which at the time of submission ranked 2360527 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2008. It is currentl...
Unfixed XSS vulnerability at www.promociona.net
Security researcher sl4xUz submitted on 18/06/2008 a cross-site scripting (XSS) vulnerability affecting www.promociona.net, which at the time of submission ranked 470569 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/07/2008. It is...