Lucene search
K

128 matches found

OSV
OSV
added 2021/07/09 10:15 p.m.13 views

CVE-2021-35361

A reflected cross site scripting XSS vulnerability in dotAdmin//c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...

4.8CVSS5.9AI score
Exploits0References1
Packet Storm
Packet Storm
added 2021/01/25 12:0 a.m.261 views

Collabtive 3.1 Cross Site Scripting

Exploit Title: Collabtive 3.1 - 'address' Persistent Cross-Site Scripting Date: 2021-01-23 Exploit Author: Deha Berkin Bir Vendor Homepage: https://collabtive.o-dyn.de/ Version: 3.1 Tested on: Windows & XAMPP == Tutorial Executed Payloads " onfocus="alert1" autofocus=" HTML Payload == DehaBerkinB...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2020/08/20 3:22 a.m.32 views

Rocket.Chat: Session Hijack via Self-XSS

Summary: It's possible to hijack a session by tricking the user to perform a Self-XSS on the drag and drop functionality in the chat. Description: Self-XSS is an underrated vulnerability that can have a harmful impact on the users of the application like here, after we get access to the user's...

4.3CVSS0.2AI score0.00903EPSS
Exploits1
OSV
OSV
added 2018/09/02 10:29 p.m.9 views

UBUNTU-CVE-2018-16358

A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...

5.4CVSS5.9AI score0.0068EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2018/03/26 5:29 p.m.2 views

CVE-2018-8937

An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirecturl parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code...

6.1CVSS5.6AI score0.00699EPSS
Exploits1References2
Hacker One
Hacker One
added 2016/06/17 11:35 a.m.37 views

Nextcloud: Stored XSS on Share-popup of a directory's Gallery-view

Hi, Nice with the program launch! Congrats! I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under "Nextcloud Files": F99938 If your directory has a malicious name such as a HTML-payload: , this HTML will run when clicking on the Share-icon: F99937 I see that...

3.5CVSS0.1AI score0.01373EPSS
Exploits1
Packet Storm
Packet Storm
added 2011/11/29 12:0 a.m.60 views

Android content:// Information Disclosure

Android Data Stealing Web PageClick: Malicious Link"; // Stage 1: Redirect to Stage 2 which will force a download of the HTML/JS payload, then a few seconds later redirect // to the payload. We load the payload using a Content Provider so...

4.3CVSS6.6AI score0.26952EPSS
Exploits8
Prion
Prion
added 2009/01/28 6:30 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in Web Dynpro WD in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document...

4.3CVSS5.3AI score0.01528EPSS
Exploits0References9
Rows per page
Query Builder