12 matches found
PT-2026-29785
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with edit faq permission can upload a malicious SVG that executes...
phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
Summary: The regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from...
FacturaScripts Cross-Site Scripting Vulnerability
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.71 contained a cross-site scripting vulnerability. This vulnerability occurred due to improper HTML entity encoding during the rendering of historical data in th...
EUVD-2020-13425
Malware in sbrugna...
CVE-2020-20640
Cross Site Scripting XSS vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability...
Cross site scripting
Cross Site Scripting XSS vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability...
CVE-2020-20640
The CVE-2020-20640 entry describes a Cross Site Scripting (XSS) vulnerability in ECShop 4.0, triggered via the user.php file by bypassing the safety.php security policy through HTML entity encoding. The issue arises from security filtering gaps, enabling XSS (no full details on exploitation metho...
CVE-2020-20640
Cross Site Scripting XSS vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability...
Acronis: Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]
Summary: The below URL checks if the product serial number provided in the url parameter serial is valid or not. http://www.grouplogic.com/files/glidownload/verify3.asp?version=CC1100x7660&serial= If an invalid product serial is provided, the user submitted serial is displayed in the response. It...
Acronis: Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode
Summary: The application exposes store ADMIN page at below URL and is accessible without authentication. http://www.grouplogic.com/ADMIN/store/index.cfm The ADMIN page provides several functionalities. Among them the below functionality is found to be vulnerable to stored XSS. - View and Edit Prom...
The most common XSS exploits and defenses in React applications - vulnerability warning - the black bar safety net
The author has long been a firm user of the React technology stack and therefore pays attention to topics related to React application security. In the third level of my own React+Redux+Webpack2 scaffolding, the author also makes heavy use of server-side rendering/isomorphic direct-output technology...
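Destoon latest version: XSS in a sensitive feature that hits wherever you aim it
Brief description: I submitted this before, and the vendor said it had been patched: http://www.wooyun.org/bugs/wooyun-2014-053573 So I took a look at how things stand after the fix. Detailed description: This is the latest version's function for filtering rich-text XSS: It has fixed the previous problem. It replaces expression with expressi0n. At first glance there seems to be no problem. In fact there are still various problems. IE also has a fault-tolerance quirk: expression with a backslash \ inserted into it can still be triggered on IE 6, 7, 8 and 9 (of course, I did not test higher versions). So, using this quirk, the filtering of the dsafe function can be bypassed. At this point, we test: The alert pops up as expected:...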