3 matches found
GHSA-HMW2-7CC7-3QXX form-data: CRLF injection in form-data via unescaped multipart field names and filenames
Summary: form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormData#append and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR (\r), LF (\n), or ". An application that uses untrusted input as a field na...
Online Reviewer Management System 1.0 Cross Site Scripting
Exploit Title: Online Reviewer Management System Persistent Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/reviewer0.zip Version: 1.0 Tested on Windows 10 @attack request...
OpenCart - Change User Password CSRF Vulnerability
No description provided by source. Exploit Title : OpenCart CSRF Date : 2013/4/2 Exploit Author : Saadat Ullah ? [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Author HomePage :...