128 matches found
CVE-2021-35361
A reflected cross site scripting XSS vulnerability in dotAdmin//c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...
Collabtive 3.1 Cross Site Scripting
Exploit Title: Collabtive 3.1 - 'address' Persistent Cross-Site Scripting Date: 2021-01-23 Exploit Author: Deha Berkin Bir Vendor Homepage: https://collabtive.o-dyn.de/ Version: 3.1 Tested on: Windows & XAMPP == Tutorial Executed Payloads " onfocus="alert1" autofocus=" HTML Payload == DehaBerkinB...
Rocket.Chat: Session Hijack via Self-XSS
Summary: It's possible to hijack a session by tricking the user to perform a Self-XSS on the drag and drop functionality in the chat. Description: Self-XSS is an underrated vulnerability that can have a harmful impact on the users of the application like here, after we get access to the user's...
UBUNTU-CVE-2018-16358
A cross-site scripting XSS vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml...
CVE-2018-8937
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirecturl parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code...
Nextcloud: Stored XSS on Share-popup of a directory's Gallery-view
Hi, Nice with the program launch! Congrats! I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under "Nextcloud Files": F99938 If your directory has a malicious name such as a HTML-payload: , this HTML will run when clicking on the Share-icon: F99937 I see that...
Android content:// Information Disclosure
Android Data Stealing Web PageClick: Malicious Link"; // Stage 1: Redirect to Stage 2 which will force a download of the HTML/JS payload, then a few seconds later redirect // to the payload. We load the payload using a Content Provider so...
Cross site scripting
Cross-site scripting XSS vulnerability in Web Dynpro WD in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document...