1017 matches found
The vulnerability of the ColdFusion interpreter allows attackers to inject any web script or HTML code.
The vulnerability of the ColdFusion interpreter exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject any desired web script or HTML code remotely...
Microsoft Internet Explorer Multiple Vulnerabilities (3116180)
This host is missing a critical security update according to Microsoft Bulletin MS15-124. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
QuikCms 6.1 - CSRF Delete Web Pages Exploit
Exploit for php platform in category web applications Title : QuikCms 6.1 - CSRF Exploit Delete Web Pages Author : ZwX Vendor : http://opensolution.org/ Download Link : http://opensolution.org/download/home.html?sFile=Quick.Cmsv6.1-en.zip Version : 6.1 Security Level : Medium Tested Os : Windows ...
The vulnerability of the Mac OS X operating system allows a hacker to execute arbitrary web or HTML code.
The vulnerability of the Notes component in the Mac OS X operating system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a local attacker to execute arbitrary web or HTML code using specially crafted text...
ownCloud: Self-XSS in mails sent by [email protected]
Hello, I created an account with a username that contains a payload code "alert1, and whenever I get mail from [email protected], the mail arrives with the payload HTML code injected. From: ownCloud Reply-To: [email protected] To: [email protected] Message-ID: Subject: ownCloud Security & Encryption 2.0; A...
Reflected Cross-Site Scripting (XSS) in SourceBans
High-Tech Bridge Security Research Lab discovered a vulnerability in SourceBans, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. The vulnerability exists due to insufficient filtration of input data passed via the "advSearch" HTTP GET parameter to...
Centreon 2.6.1 Persistent Cross Site Scripting
Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring...
Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description Centreon suffers from a stored XSS vulnerability. Input passed thru the POST parameter 'imgcomment' is not...
4images 1.7.11 Cross Site Scripting
MGC ALERT 2015-001 - Original release date: September 08, 2015 - Last revised: September 24, 2015 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score. I. VULNERABILITY...
The vulnerability of the Microsoft SharePoint Foundation electronic document management system allows a hacker to inject arbitrary web or HTML code.
The vulnerability of the Microsoft SharePoint Foundation e-mail delivery system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code remotely...
Vimeo: XSS on vimeo.com/home after other user follows you
Description: If some user follows you on Vimeo, the Name of the user appears in the header of your Home like "Name followed you. The staff posted...". The problem is that the Name is not escaped, which allows HTML code to be inserted. Proof of concept: 1. Using the attacker's account, go to...
The vulnerability of the Content Management System console of the EMC Documentum system allows a hacker to execute arbitrary HTML code.
The vulnerability of the EMC Documentum CenterStage content management console exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...
WordPress JW Player Plugin <= 2.1.14 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Upgrade this plugin...
Microsoft Windows HTA Remote Code Execution
#!/usr/bin/php poc'."\n\n"; $reza = socket_create(AF_INET, SOCK_STREAM, 0) or die('Failed to create socket!'); socket_bind($reza, 0, $port); socket_listen($reza); $msgd = "\x3c\x68\x74\x6d\x6c\x3e\x0d\x0a\x3c\x6d\x65\x74\x61\x20\x68\x74\x74\x70\x2d\x65\x71\x75\x69\x76"...
The vulnerability of the Moodle learning management system allows a hacker to inject arbitrary web or HTML code.
The vulnerability of the externalformattext function in the lib/externallib.php component of the Moodle learning management system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject any desired web or...
Remote HTML tag injection in Gaia System app — Mozilla
Security researcher Muneaki Nishimura reported an issue with Gaia's System app which allows an attacker to inject HTML code into the System app's context via specially-crafted search links. The injection occurs when the user opens such malicious link in the browser and then presses the HOME butto...
Reflected Cross-Site Scripting (XSS) in iTop
High-Tech Bridge Security Research Lab discovered a vulnerability in iTop, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. iTop is a critical application, which is used to cover the entire set of ITIL processes. Successful attack on this web...
Systems that allow XML file uploads may be vulnerable to XSS - Vulnerability Warning - Black Bar Safety Net
An XML file may contain an xml-stylesheet tag, which specifies an XSL file used to format and output the XML file. During XSL output, any HTML code can be emitted, including the script tag... That is, you can pop an alert. However, the permissions of script in formatted XML are relatively limited, ma...
WordPress Link Library Plugin <= 5.0.8 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Vulnerable parameter "id". Solution Update the plugin...
WordPress BP Gallery Plugin <= 1.2.5 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Upgrade the plugin...