Hero Framework - usersforgot_password?error Cross-Site Scripting

Hero Framework - usersforgotpassword?error Cross-Site Scripting source: https://www.securityfocus.com/bid/59041/info Hero is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to ste...

Hero Framework - '/users/forgot_password?error' Cross-Site Scripting

source: https://www.securityfocus.com/bid/59041/info Hero is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the...

Multiple XSS in Hero Framework

High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Hero Framework, which can be exploited to perform cross-site scripting attacks against vulnerable application. 1 Multiple XSS in Hero Framework: CVE-2013-2649 1.1 The vulnerability exists due to insufficient sanitisation...

Hero Framework Cross-Site Scripting and Request Forgery Vulnerabilities

Hero Framework is prone to multiple cross site scripting and CSRF vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Hero Framework 3.76 Cross Site Scripting Vulnerability

Hero Framework version 3.76 suffers from multiple cross site scripting vulnerabilities. Advisory: Hero Framework 3.76 Multiple Cross-site Scripting vulnerabilities Author: Stefan Schurtz Affected Software: Successfully tested on Hero Framework 3.76 Vendor URL: http://www.heroframework.com/ Vendor...

Hero Framework 3.76 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Hero Framework 3.76 Multiple Cross-site Scripting vulnerabilities Advisory ID: SSCHADV2012-023 Author: Stefan Schurtz Affected Software: Successfully tested on Hero Framework 3.76 Vendor URL: http://www.heroframework.com/ Vendor Status:...

Hero Framework - userslogin Username Cross-Site Scripting

Hero Framework - userslogin Username Cross-Site Scripting source: https://www.securityfocus.com/bid/57035/info Hero is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script...

Hero Framework - users/login 'Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/57035/info Hero is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context ...

Hero Framework - 'search?q' Cross-Site Scripting

source: https://www.securityfocus.com/bid/57035/info Hero is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context ...

Hero Framework 3.69 Cross Site Scripting

Hero Framework 3.69 Remote Reflected Cross-Site Scripting Vulnerability Vendor: Electric Function, Inc. Product web page: http://www.heroframework.com Affected version: 3.69 Summary: Hero formerly Caribou CMS is a white label, open source PHP website content management system CMS and development...

Hero Framework 3.69 Remote Reflected Cross-Site Scripting Vulnerability

Summary Hero formerly Caribou CMS is a white label, open source PHP website content management system CMS and development platform. Description Hero suffers from a XSS vulnerability when parsing user input to the 'month' parameter via GET method. Attackers can exploit this weakness to execute...