1007 matches found
Cross site scripting
A Cross-Site Scripting XSS issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data pssid passed to the webpagetest-master/www/pss.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the...
CVE-2017-6535
Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, url passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in ...
Cross site scripting
Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, url passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in ...
CVE-2017-6539
Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, time passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a...
seacms search.php code execution vulnerability
function parseIf$content if strpos$content,'if:'=== false return $content; else $labelRule = buildregx"if:.? .? end if","is"; $labelRule2="elseif"; $labelRule3="else"; pregmatchall$labelRule,$content,$iar; $arlen=count$iar0; $elseIfFlag=false; for$m=0;$mparseStrIf$strIf; $strThen=$iar2$m;...
Cross site scripting
Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data tooltipid, callback, args, cid passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and scrip...
CVE-2017-6485
A Cross-Site Scripting XSS issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data errorMsg passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...
CVE-2017-6484
Multiple Cross-Site Scripting XSS issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data c and cred passed to the "INTER-Mediator-master/AuthSupport/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML...
CVE-2017-6491
Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data tooltipid, callback, args, cid passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and scrip...
CVE-2017-6396
An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...
Authorization
An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...
Authorization
An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several -sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...
CVE-2017-6391
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...
CVE-2017-6390
CVE-2017-6390 impacts whatanime.ga due to insufficient filtration of user-supplied data passed to the the path “whatanime.ga-master/index.php”. The connected CNVD entry describes a cross-site scripting vulnerability where an attacker can cause arbitrary HTML/JavaScript to execute in a browser con...
Cross-site Scripting (XSS)
zaproxy is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as zaproxy does not properly sanitize the Alert IconUrl, allowing arbitrary HTML code to be injected...
memcache-viewer Cross Site Scripting
Exploit Title: memcache-viewer - Stored XSS Date: 2017-02-24 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/chrisjameskirkham/memcache-viewer Software Link: https://github.com/chrisjameskirkham/memcache-viewer/archive/master.zip Version: Latest comm...
memcache-viewer - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: memcache-viewer - Stored XSS Date: 2017-02-24 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/chrisjameskirkham/memcache-viewer Software Link:...
Origin Null Vulnerability
rack-cors is vulnerable to an origin null vulnerability. When an iframe contains html code for its source instead of a URL, a website using rack-cors and allowing file:// does not prevent browsers to send null origins...
CVE-2017-5964
An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a...
CVE-2017-5945
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodllaudiourl" HTTP GET parameter passed to the "filterpoodllmoodle322016112802/poodll/mp3recorderskins/brazil/index.php" URL. An...