
1017 matches found

0day.today
added 2019/01/09 12:0 a.m. | 83 views

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...

CVSS 4.3 | EPSS 0.01897
Exploits: 4
Exploit DB
added 2019/01/09 12:0 a.m. | 91 views

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version: BD_HDV6MF65V1.0.0B05 Tested on: Windows 10 x64 CVE:...

CVSS 6.1 | AI score 6.5 | EPSS 0.01897
Exploits: 4
OSV
added 2018/11/21 10:19 p.m. | 31 views

GHSA-G68X-VVQQ-PVW3 Ckeditor XSS Vulnerability

CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. It was possible to execute XSS inside the CKEditor source area after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opene...

CVSS 6.1 | AI score 6.1 | EPSS 0.01954
Exploits: 1 | References: 9
Check Point Advisories
added 2018/10/31 12:0 a.m. | 4 views

Rockwell Automation Allen-Bradley CompactLogix Cross-Site Scripting (CVE-2016-2279)

A cross site scripting vulnerability has been reported in Rockwell Scada System. The vulnerability is due to lack of sanitization of user supplied input data. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser session in the context of the...

CVSS 4.3 | AI score 2.1 | EPSS 0.07531
Exploits: 5
NVD
added 2018/10/12 10:15 p.m. | 24 views

CVE-2018-14664

A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the...

CVSS 5.4 | AI score 5 | EPSS 0.01074
Exploits: 0 | References: 4
Prion
added 2018/10/12 10:15 p.m. | 17 views

Cross site scripting

A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the...

CVSS 3.5 | AI score 5.5 | EPSS 0.01074
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2018/10/12 8:0 p.m. | 23 views

CVE-2018-14664

A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the...

CVSS 5.4 | AI score 5.1 | EPSS 0.01074
Exploits: 0 | References: 4
OSV
added 2018/07/27 5:3 p.m. | 65 views

GHSA-P7C9-JQHQ-VR3V Remote Code Execution in markdown-pdf

Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may...

CVSS 5.5 | AI score 5.7 | EPSS 0.00501
Exploits: 1 | References: 4
Github Security Blog
added 2018/07/27 5:3 p.m. | 44 views

Remote Code Execution in markdown-pdf

Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may...

CVSS 5.5 | AI score 3.8 | EPSS 0.00501
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2018/07/23 4:20 a.m. | 16 views

Cross-site Scripting (XSS)

markdown-pdf is vulnerable to cross-site scripting (XSS) attacks. The application does not properly sanitize user input, allowing a malicious user to pass a markdown file to the application to inject and execute arbitrary HTML code...

CVSS 5.5 | AI score 5.4 | EPSS 0.00501
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2018/07/20 10:29 p.m. | 27 views

CVE-2018-3770

A path traversal exists in markdown-pdf version 9.0.0 that allows a user to insert a malicious html code that can result in reading the local files...

CVSS 5.5 | AI score 5.4 | EPSS 0.00501
Exploits: 1 | References: 1
CVE
added 2018/07/20 10:0 p.m. | 61 views

CVE-2018-3770

markdown-pdf versions prior to 9.0.0 are vulnerable to path traversal and potential remote code execution due to insufficient sanitization of HTML in Markdown files. Concrete details across multiple connected documents show that injecting malicious HTML can lead to reading local files and, in som...

CVSS 5.5 | AI score 5.3 | EPSS 0.00501
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/07/18 11:29 p.m. | 28 views

CVE-2018-0390

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...

CVSS 6.1 | AI score 6 | EPSS 0.01012
Exploits: 0 | References: 2
Prion
added 2018/07/18 11:29 p.m. | 32 views

Cross site scripting

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...

CVSS 4.3 | AI score 6 | EPSS 0.01012
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2018/07/17 1:29 p.m. | 19 views

Design/Logic Flaw

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface...

CVSS 3.5 | AI score 5.6 | EPSS 0.00498
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2018/07/17 1:0 p.m. | 62 views

CVE-2018-6681

CVE-2018-6681 is an Abuse of Functionality vulnerability in McAfee Network Security Management (NSM) 9.1.7.11 and earlier. The issue occurs in the web interface where authenticated users can cause arbitrary HTML to be reflected in the response page, via the appliance’s web interface. Affected sof...

CVSS 5.5 | AI score 5.5 | EPSS 0.00498
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2018/07/17 1:0 p.m. | 27 views

CVE-2018-6681 SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability

Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface...

CVSS 5.5 | AI score 5.6 | EPSS 0.00498
Exploits: 0 | References: 1
exploitpack
added 2018/07/16 12:0 a.m. | 20 views

macOS/iOS - JavaScript Injection Bug in OfficeImporter

macOS/iOS - JavaScript Injection Bug in OfficeImporter QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it uses to show office files is quite interesting. First it parses the office file and converts it to HTML code...

AI score 0.2
Exploits: 0
0day.today
added 2018/07/16 12:0 a.m. | 31 views

macOS / iOS - JavaScript Injection Bug in OfficeImporter Exploit

Exploit for multiple platform in category dos / poc QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it uses to show office files is quite interesting. First it parses the office file and converts it to HTML code usi...

Exploits: 0
Openbugbounty
added 2018/07/06 10:41 a.m. | 15 views

ader-paris.fr XSS vulnerability

Open Bug Bounty ID: OBB-641354

Description | Value
---|---
Affected Website: | ader-paris.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0