1007 matches found
Spoofing
An issue was discovered in Sage DPW 202006x before 202006002. It allows unauthenticated users to upload JavaScript in a file via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include...
Input validation
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered however, JavaScript is...
CVE-2020-8821
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered however, JavaScript is...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...
Design/Logic Flaw
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An...
Cisco Email Security Appliance (ESA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Email Security Appliance ESA is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based management interfac...
Cisco Content Security Management Appliance (SMA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Content Security Management Appliance SMA is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based...
CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
vBulletin 5.6.2 Persistent Cross Site Scripting
Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...
HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website
Security Tool for Reconnaissance and Information Gathering on a website. python 2.x & 3.x This script use "WafW00f" to detect the WAF in the first step https://github.com/EnableSecurity/wafw00f This script use "Sublist3r" to scan subdomains https://github.com/aboul3la/Sublist3r This script use...
CVE-2020-3345
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...
Design/Logic Flaw
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...
PT-2020-10296 · Froala · Froala Editor
Name of the Vulnerable Software and Affected Versions: Froala Editor versions prior to 3.2.3 Description: A DOM-based cross-site scripting XSS issue exists because HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can control the editor...
TP-Link TL-WR740N and TL-WR740ND Injection Vulnerability
The TP-Link TL-WR740N and TP-Link TL-WR740ND are both wireless routers from China's P&L TP-Link. A security vulnerability exists in TP-Link TL-WR740N v4 and TL-WR740ND v4. The vulnerability can be exploited by an attacker to inject HTML code and change the HTML context of target pages and sites...
CVE-2019-19461
Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title...
Cross site scripting
Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title...
CVE-2019-19461
Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title...
PayPal: Reflect XSS and CSP Bypass on https://www.paypal.com/businesswallet/currencyConverter/
An endpoint used for currency conversion was found to suffer from a reflected XSS vulnerability, where user input was not being properly sanitized in a parameter in the URL. This could lead to a malicious user injecting malicious JavaScript, HTML, or any other type of code that the browser may...
CVE-2020-9013
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...
Mail.ru: [Web ICQ Client] XSS уязвимость в имени пользователя
Domain, site, application: WEB ICQ Client - https://web.icq.com/ Testing environment: Browser firefox Steps to reproduce 1. Устанавливаем имя пользователя, содержащее HTML код 2. Создаем канал/группу, в который приглашаем любого пользователя 3. Разрешаем/Запрещаем писать пользователю Actual resul...