13 matches found
EUVD-2019-6139
Malware in sbrugna...
CVE-2019-15053
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...
Exploit for Cross-site Scripting in Atlassian Html_Include_And_Replace_Macro
CVE-2019-15053 FAB-2019-00156 Vulnerability discovered by me...
CVE-2019-15053
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...
Design/Logic Flaw
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...
CVE-2019-15053
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...
Vulnerabilities in Avaya IP Office Customer Call Reporter
Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...
Vulnerabilities in Avaya IP Office Customer Call Reporter
Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...
Avaya IP Office Customer Call Reporter 8.0.9.13 XSS
Hello list! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...
PHPXref 0.7 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting and Remote HTML Include vulnerabilities in PHPXref. ------------------------- Affected products: ------------------------- Vulnerable are PHPXref 0.7 and previous versions. In version PHPXref 0.7.1 the developer fixed these vulnerabilities...
Vulnerabilities in PHPXref
Hello 3APA3A! I am informing you about Cross-Site Scripting and Remote HTML Include vulnerabilities that I found in PHPXref. XSS RXI WASC-08: http://site/nav.html?javascript:alertdocument.cookie RHI WASC-12: http://site/nav.html?http://websecurity.com.ua Vulnerable are PHPXref 0.7 and previous versions. In version...
Confluence administrators (who are not necessarily sys admins) can configure whitelist
A user who has the "Confluence Administrator" permission, but not necessarily the "System Administrator" permission, can configure the new URL whitelist for the HTML-include and RSS macros. Is this good enough, from a security point of view?...
Jaws 0.5.2 - '/include/JawsDB.php' Remote File Inclusion
ToXiC Jaws 0.5.2: Remote File Inclusion by ToXiC CreW ToXic Security Italian CreW BuG FounD by Drago84 Application Affect: jaws 0.5.2 Source Code: http://forge.novell.com/modules/xfcontent/private.php/jaws/jaws-0.5.2/jaws-0.5.2.tar.gz Page: JawsDB.php Problem: GLOBALS"path" not Declare Dir :...