Lucene search
K

37 matches found

Atlassian
Atlassian
added 2013/07/16 4:47 p.m.22 views

XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover

Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/08/16 2:13 p.m.24 views

There is a reflected xss flaw in the settings.action of dailysummary settings.action.

There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...

0.4AI score
Exploits0
Atlassian
Atlassian
added 2012/08/16 2:13 p.m.20 views

There is a reflected xss flaw in the settings.action of dailysummary settings.action.

There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...

0.4AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2012/05/11 12:0 a.m.27 views

WordPress Better WP Security Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit betterwpsecurity 1. Cross-site scripting reflected Summary Severity: High Confidence: Certain Host: http://127.0.0.1 Path: /wp-admin/admin.php?page=betterwpsecurity Issue detail The value of the User-Agent HTTP header is copie...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/05/11 12:0 a.m.31 views

WordPress Custom Contact Forms Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit Custom Contact Forms 1. Cross-site scripting reflected 1.1. http://127.0.0.1/wp-admin/options-general.php name of an arbitrarily supplied request parameter 1.2. http://127.0.0.1/wp-admin/options-general.php name of an...

Exploits0
Packet Storm
Packet Storm
added 2012/05/11 12:0 a.m.34 views

WordPress Bad Behavior Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit bad-behavior plugin 1. Cross-site scripting reflected 1.1. http://127.0.0.1/wp-admin/options-general.php %3Cscript%3Ealert1%3C/script%3E parameter 1.2. http://127.0.0.1/wp-admin/options-general.php httpblkey parameter 1.3...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2012/05/11 12:0 a.m.28 views

WordPress BulletProof Security Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit BulletProof Security 1. Cross-site scripting reflected Summary Severity: High Confidence: Certain Host: http://127.0.0.1 Path: /wp-admin/admin.php?page=bulletproof-security/admin/options.php Issue detail The value of the...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/08/17 12:0 a.m.75 views

SeaMonkey < 2.2.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.2.0. As such, it is potentially affected by the following security issues : - Errors in the WebGL implementation can allow the loading of WebGL textures from cross-domain images or allow the crash of the application and execution of arbitrary...

10CVSS7.8AI score0.75691EPSS
Exploits22References19
NVD
NVD
added 2011/06/30 4:55 p.m.15 views

CVE-2011-2369

Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity...

4.3CVSS5.5AI score0.01351EPSS
Exploits0References4
Prion
Prion
added 2011/06/30 4:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity...

4.3CVSS6AI score0.01351EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2011/06/24 12:0 a.m.24 views

CVE-2011-2369

Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity...

4.3CVSS7.3AI score0.01351EPSS
Exploits0References2
Atlassian
Atlassian
added 2008/11/03 1:10 a.m.25 views

Logging event information is not HTML encoded in 500 error page

The Confluence 500 error page lists logging events generated during the request the produced the 500 error page. The strings rendered from this event are not HTML encoded, leaving open a chance for an attacker to exploit this via XSS. I haven't yet investigated to see whether this is actually...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2008/11/03 1:10 a.m.36 views

Logging event information is not HTML encoded in 500 error page

The Confluence 500 error page lists logging events generated during the request the produced the 500 error page. The strings rendered from this event are not HTML encoded, leaving open a chance for an attacker to exploit this via XSS. I haven't yet investigated to see whether this is actually...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/01/10 3:32 a.m.32 views

XSS bug: usernames not HTML-encoded in all places

When signing up for an account, it is possible to enter a username like "fred". Confluence will accept this, and on certain pages, render it as raw HTML to the user, opening the possibility of cross-site scripting XSS attacks. Two places I've spotted the raw HTML so far: - Most prominently, when ...

5.9AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2006/08/27 12:0 a.m.35 views

blsXSS.txt

----------------------------------------------------------------------------------------- Found by: PrOtOn & digi7al64 Date: May 20th 2006 Critical Level: High Type: Multiple Cross Site Scripting XSS vunerabilities...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2006/05/16 10:0 a.m.33 views

CVE-2006-2420

Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting XSS attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...

5.6AI score0.01537EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2002/05/24 12:0 a.m.27 views

Microsoft MSN Messenger 1 &lt; 4 - Malformed Invite Request Denial of Service

source: https://www.securityfocus.com/bid/4827/info Microsoft's MSN Messenger is an instant messenging client for Windows based machines, based on the Passport system. A vulnerability has been reported in some versions of MSN Messenger. Under some circumstances, it may be possible to crash the...

7.4AI score
Exploits0
Rows per page
Query Builder