Lucene search

171 matches found

Source: Node.js | added 2018/12/12 7:05 p.m. | 10 views

Cross-Site Scripting

Overview: Versions of buefy prior to 0.7.2 are vulnerable to cross-site scripting. The autocomplete list renders user input as HTML without encoding, which lets an attacker manipulate the DOM and execute arbitrary script in the victim's browser. Recommendation: Upgrade to version 0.7.2 or later. References: GitHub Issue; GitH...

AI score: 7 | Exploits: 0 | Affected software: 1
Source: Veracode | added 2018/10/24 3:07 a.m. | 6 views

Cross-Site Scripting (XSS)

joi is vulnerable to cross-site scripting. The message parameter is not HTML encoded, which would allow an attacker to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

AI score: 6.4 | Exploits: 0
Source: Hacker One | added 2018/09/12 9:51 p.m. | 22 views

U.S. Dept Of Defense: Cross Site Scripting (XSS) – Reflected

Reflected cross-site scripting (XSS) occurs when an attacker injects browser-executable code within a single HTTP response. When a web application is vulnerable to this type of attack, it passes unvalidated input sent through requests back to the client. The value of the request parameter is copied in...

AI score: 0.1 | Exploits: 0
Source: Veracode | added 2018/09/05 2:33 a.m. | 7 views

Cross-Site Scripting (XSS)

rack-mini-profiler is vulnerable to cross-site scripting. The user info displayed in Error 404 pages is not HTML encoded, which could allow an attacker to inject arbitrary JavaScript into a victim's browser...

AI score: 6.4 | Exploits: 0
Source: CNVD | added 2018/07/04 12:00 a.m. | 2 views

Xapian xapian-core Cross-Site Scripting Vulnerability

xapian-core is the Xapian project's open-source search engine library, written in C++. A cross-site scripting vulnerability exists in the queryparser/termgenerator_internal.cc file of xapian-core versions prior to 1.4.6; it stems from the 'Xapian::MSet::snippet' functio...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00368 | Exploits: 0 | References: 1
Source: wpexploit | added 2018/06/01 12:00 a.m. | 18 views

wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Versions 1.4.11 and below of the wpForo Forum WordPress plugin were found to be vulnerable to reflected cross-site scripting (XSS). The vulnerability was due to the plugin using the $_SERVER['REQUEST_URI'] PHP variable to create a URL string that was later output within HTML without any output encodin...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.04346 | Exploits: 1 | References: 1
Source: Hacker One | added 2018/04/17 10:31 a.m. | 70 views

WordPress: "Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons

Description: The wp_kses_bad_protocol_once function (https://developer.wordpress.org/reference/functions/wp_kses_bad_protocol_once/) is used to sanitise content from bad protocols and other characters. It detects the protocol URI scheme by using the first colon character. It compares the identified protoco...

AI score: 0.9 | Exploits: 0
Source: Exploit DB | added 2017/11/11 12:00 a.m. | 28 views

MyBB 1.8.13 - Cross-Site Scripting

Exploit Title: XSS in MyBB up to 1.8.13 via installer; Date: Found on 05-29-2017; Exploit Author: Pablo Sacristan; Vendor Homepage: https://mybb.com/; Version: 1.8.13; Fixed in: 1.8.13; CVE: CVE-2017-16781. No HTML escaping when returning an $error in /install/index.php can lead to an XSS which...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00262 | Exploits: 4
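The buefy, joi, rack-mini-profiler, wpForo and MyBB entries above share one root cause: a user-controlled string (an autocomplete item, a validation message, a request URI, an installer error) is concatenated into HTML with no output encoding. The block below is an added example and is not code from any of those projects; the renderer names (renderAutocompleteVulnerable, notFoundPageSafe and so on) and the sample inputs are constructed for illustration. It puts the vulnerable pattern next to a hardened version that encodes for the HTML context and, separately, validates the scheme of any URL placed in an href, because HTML-encoding alone does not stop a javascript: link.

```javascript
// Added example, not code from buefy, joi, rack-mini-profiler, wpForo or MyBB.
// Function names and sample inputs below are constructed for illustration.

// Encoder for HTML text content and double-quoted attribute values.
// A single-pass replace means '&' is never re-encoded.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Schemes allowed in an href. Anything else (javascript:, data:, vbscript:)
// is replaced by a harmless fragment link. Control characters are removed
// first because browsers ignore tab/newline inside a scheme ("java\tscript:").
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);
function safeHref(url) {
  const s = String(url).replace(/[\x00-\x1f\x7f]/g, '').trim();
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(s);
  if (m && !SAFE_SCHEMES.has(m[1].toLowerCase())) return '#';
  return encodeHtml(s); // attribute context: the value still needs HTML encoding
}

// Vulnerable: the pattern behind the listings. Query and suggestions are
// interpolated verbatim, so '"><img ...>' closes the attribute and a
// javascript: URL survives into the href.
function renderAutocompleteVulnerable(query, suggestions) {
  return '<ul class="autocomplete" data-query="' + query + '">' +
    suggestions.map(s => '<li><a href="' + s.url + '">' + s.label + '</a></li>').join('') +
    '</ul>';
}

// Hardened: each interpolation is encoded for the context it lands in.
function renderAutocompleteSafe(query, suggestions) {
  return '<ul class="autocomplete" data-query="' + encodeHtml(query) + '">' +
    suggestions.map(s => '<li><a href="' + safeHref(s.url) + '">' + encodeHtml(s.label) + '</a></li>').join('') +
    '</ul>';
}

// The 404-page variant (rack-mini-profiler, wpForo, MyBB's $error): a request
// URI or error string echoed into the page body.
function notFoundPageVulnerable(requestUri) {
  return '<h1>Not found</h1><p>No route for ' + requestUri + '</p>';
}
function notFoundPageSafe(requestUri) {
  return '<h1>Not found</h1><p>No route for ' + encodeHtml(requestUri) + '</p>';
}

// Constructed sample input (not taken from any of the advisories).
const PAYLOAD_QUERY = '"><img src=x onerror=alert(1)>';
const SUGGESTIONS = [
  { label: 'Ruby <3', url: 'https://example.test/ruby' },
  { label: 'click me', url: 'javascript:alert(document.cookie)' },
];

// Does the rendered markup contain a raw tag or unsafe scheme from the input?
function leaksPayload(html) {
  return html.includes('<img') || /href="\s*javascript:/i.test(html);
}

console.log('vulnerable leaks:', leaksPayload(renderAutocompleteVulnerable(PAYLOAD_QUERY, SUGGESTIONS)));
console.log('hardened leaks:  ', leaksPayload(renderAutocompleteSafe(PAYLOAD_QUERY, SUGGESTIONS)));
console.log(renderAutocompleteSafe(PAYLOAD_QUERY, SUGGESTIONS));
```

Two points the listings only imply: the encoder is per context (the same string needs encodeHtml in text and attribute positions but a scheme allowlist plus encoding in an href), and a 404 or error page is an output sink like any other, so the request URI and error text go through the encoder before they reach the response body.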
Source: Hacker One | added 2016/07/11 11:57 a.m. | 31 views

OLX: Cross Site Scripting -> Reflected XSS

Steps: 1. Go to http://www.olx.ba/pretraga?trazilica="PAYLOAD" 2. Payload: "onmousemove=alert("XSSBYJASHWANTH") " 3. You will get a pop-up. 4. Whether or not the script should be trusted, it will execute the script in the user context, allowing the attacker to access any cookies or session tokens retained...

AI score: 0.3 | Exploits: 0
Source: Hacker One | added 2015/12/29 11:30 a.m. | 17 views

WePay: Unauthenticated Stored XSS in API Panel

There is an unauthenticated stored XSS in the API Panel of the app administration, e.g. https://stage.wepay.com/apps/manage/12873/apikeys. When a user is created via the API, the call log does not sanitize the output correctly (see screenshot 1), so it is possible to execute arbitrary scripts in the...

AI score: 6.9 | Exploits: 0
Source: Typo3 | added 2015/12/15 12:00 a.m. | 14 views

Multiple Cross-Site Scripting vulnerabilities in frontend

It has been discovered that TYPO3 is susceptible to cross-site scripting. Component Type: TYPO3 CMS; Release Date: December 15, 2015; Vulnerable subcomponent: Frontend; Vulnerability Type: Cross-Site Scripting; Affected Versions: 6.2.0 to 6.2.15, 7.0.0 to 7.6.0; Severity: Low; Suggested CVSS...

AI score: 6.8 | Exploits: 0 | Affected software: 1
Source: Packet Storm | added 2015/09/16 12:00 a.m. | 47 views

Anchor CMS 0.9.2 Cross Site Scripting / Open Redirect

Anchor CMS 0.9.2: XSS Security Advisory – Curesec Research Team. 1. Introduction: Affected Product: Anchor CMS 0.9.2; Fixed in: not fixed; Fixed Version Link: n/a; Vendor Contact: Website: http://anchorcms.com/; Vulnerability Type: XSS and Open Redirect; Remote Exploitable: Yes; Reported to vendor:...

AI score: 0.2 | Exploits: 0
Source: Typo3 | added 2015/07/01 12:00 a.m. | 10 views

Cross-Site Scripting exploitable by Editors

It has been discovered that TYPO3 is susceptible to cross-site scripting. Component Type: TYPO3 CMS; Release Date: July 1, 2015; Vulnerable subcomponent: Backend; Vulnerability Type: Cross-Site Scripting; Affected Versions: 6.2.0 to 6.2.13, 7.0.0 to 7.3.0; Severity: Low; Suggested CVSS v2.0:...

AI score: 6.9 | Exploits: 0 | Affected software: 1
Source: myhack58 | added 2015/04/04 12:00 a.m. | 21 views

ALi CTF 2015 write-up (vulnerability warning, myhack58)

0x00 Cake: Cake is an Android challenge. The process is: take an input string, initialise an array of length 16, then XOR the string with that array. So we only need to XOR it back. Reading the reversed code, the key is right there; there are two keys, and finding them is straightforward. Straight to the code: a= 0...

AI score: 7.2 | Exploits: 0
Source: seebug.org | added 2015/01/26 12:00 a.m. | 30 views

PHPYUN: another bypass, a dozen stored XSS spots that easily reach the backend

Brief description: 20150119. Details: I submitted an XSS in the "positioning" feature earlier; a few weeks later there was a bypass, published on the Butian (补天) platform; with this update I took another look. First, a payload for the previous version. Because the removeXSS function only checks HTML encodings with no more than 8 zeros, we bypass the check by using more than 8 zeros: ... In the 20150119 fix, the common_htmlspecialchars and gpc2sql functions in data/db.safety.php were modified. First look at common_htmlspecialchars: the left is the 1231 version, the right is the 0119 version; you can see that gpc2sql is now called earlier. So what changed in gpc2sql?...

AI score: 7 | Exploits: 0
Source: Hacker One | added 2015/01/18 10:18 a.m. | 36 views

Vimeo: Application XSS filter function Bypass may allow Multiple stored XSS

Hi, as I analysed the application behavior and the security structure, I found out that the application is using a "greedy XSS regex filter" against XSS and removes the whole string from ''. So I tried some basic bypasses, which allowed me to insert tags and other characters into the string. Here ...

AI score: 5.8 | Exploits: 0
Source: seebug.org | added 2014/05/09 12:00 a.m. | 17 views

PHPMYWIND V5.0: SQL injection, two instances

Brief description: I saw there was an update, so I took another look. Both are in one file. Details: In member.php: else if($a == 'savefavorite') { $aid = isset($aid) ? intval($aid) : ''; $molds = isset($molds) ? intval($molds) : ''; $link = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : ''; if($aid == '' or $molds == '' or $link == ''...

AI score: 7.1 | Exploits: 0
Source: Check Point Advisories | added 2014/02/25 12:00 a.m. | 0 views

Suspicious Html Encoding Within HTTP Responses

HTML code can be encoded within HTTP responses (for example as character references). Such encoding can be used to circumvent security software that inspects the response...

AI score: 7.1 | Exploits: 0
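The wp_kses_bad_protocol_once, PHPYUN and Check Point entries above describe the same gap from three angles: a browser decodes HTML character references more leniently than the filter in front of it, accepting numeric references with no trailing semicolon and with any number of leading zeros, so a payload the filter never recognises reaches the browser intact. The block below is an added example and is not code from WordPress, PHPYUN or Check Point: the decoder mirrors browser behaviour for a small set of references, and naiveIsSafeUrl is a simplified model of the filter pattern those reports describe (only a literal colon or a terminated numeric reference with at most eight leading zeros counts as a colon), not either project's actual code. The candidate strings are constructed, not the reports' own payloads.

```javascript
// Added example, not code from WordPress, PHPYUN or Check Point. The lenient
// decoder mirrors how browsers treat character references; "naive" is a
// simplified model of the filter pattern in the two reports, not their code.

// Named references: browsers require the ';' except for a small legacy set.
const NAMED = new Map([
  ['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'],
  ['colon', ':'], ['Tab', '\t'], ['NewLine', '\n'],
]);
const LEGACY_NO_SEMICOLON = new Set(['amp', 'lt', 'gt', 'quot']);

function codePointToString(cp) {
  // Browsers map NUL, surrogates and out-of-range values to U+FFFD.
  if (cp === 0 || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff)) return '\uFFFD';
  return String.fromCodePoint(cp);
}

// One decoding pass. Numeric references decode with or without the trailing
// ';' and with any number of leading zeros, the two tolerances the filters
// in the reports did not account for.
function decodeEntities(s) {
  return s.replace(/&#[xX]([0-9a-fA-F]+);?|&#([0-9]+);?|&([A-Za-z]+)(;?)/g,
    (match, hex, dec, name, semi) => {
      if (hex !== undefined) return codePointToString(parseInt(hex, 16));
      if (dec !== undefined) return codePointToString(parseInt(dec, 10));
      if (NAMED.has(name) && (semi === ';' || LEGACY_NO_SEMICOLON.has(name))) return NAMED.get(name);
      return match; // unknown reference: left alone, as a browser would
    });
}

const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto', 'ftp']);

// Naive: find the first colon, counting only a literal ':' or a fully
// terminated numeric reference with at most eight leading zeros. If nothing
// matches, the value is treated as a relative URL and accepted.
function naiveIsSafeUrl(url) {
  const parts = url.split(/:|&#0{0,8}58;|&#[xX]0{0,8}3[aA];/);
  if (parts.length === 1) return true;
  return ALLOWED_SCHEMES.has(parts[0].toLowerCase());
}

// Robust: decode until nothing changes, strip the ASCII controls and spaces
// a browser ignores inside a scheme, then look for scheme syntax. Decoding to
// a fixed point is deliberately conservative: a browser decodes once, but a
// value that another layer decodes again (innerHTML, a template re-render)
// would otherwise slip through.
function robustIsSafeUrl(url) {
  let prev, cur = String(url);
  do { prev = cur; cur = decodeEntities(cur); } while (cur !== prev);
  cur = cur.replace(/[\x00-\x20]/g, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cur);
  if (!m) return true; // no scheme syntax: relative URL
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Constructed candidates (not the reports' own payloads).
const CANDIDATES = {
  plain: 'javascript:alert(1)',
  noSemicolon: 'javascript&#58alert(1)',          // browser decodes it; the naive split never sees a colon
  nineZeros: 'javascript&#000000000058;alert(1)', // beyond the naive eight-zero bound
  namedTab: 'java&Tab;script:alert(1)',           // the tab vanishes in the browser's URL parser
  doubleEncoded: 'javascript&amp;#58;alert(1)',   // only dangerous if some layer decodes twice
  benign: 'https://example.test/path:with:colon',
  relative: '/search?q=1',
};

function evaluate(check) {
  const out = {};
  for (const [name, value] of Object.entries(CANDIDATES)) out[name] = check(value);
  return out;
}

console.log('naive  ', evaluate(naiveIsSafeUrl));
console.log('robust ', evaluate(robustIsSafeUrl));
```

One caveat on where this bites: a reference such as `&#00000000060;` decoded in text content yields a literal '<' character, not a tag, so the zero-padded and semicolon-less forms matter where the decoded value is interpreted again, above all inside URL attributes (the kses case) and in values that a later layer decodes a second time, which is also the situation the Check Point signature is looking for in responses.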
Source: Atlassian | added 2014/02/14 3:48 a.m. | 18 views

Content Spoofing in the ConvertIssue.jspa action

A third-party scan found that the ConvertIssue.jspa action is vulnerable to content spoofing (https://www.owasp.org/index.php/Content_Spoofing), specifically text injection. In this case the content spoofing may be used to perform a phishing attack on users. How to reproduce: 1. go to...

AI score: 0.6 | Exploits: 0 | Affected software: 1