171 matches found
RootPanel SQL Injection
RootPanel All versions SQL injection/Account takeover. Discovery: AkaStep and CAMOUFL4G3 Vendor: http://www.rootpanel.ru/ What is RootPanel ? RootPanel is professional hosting...
Fork CMS Cross Site Scripting
Fork-CMS Stored XSS: Stored XSS: Author: Rafay Baloch Introduction: Cross Site scripting XSS has been a problem for ages, XSS occurs when the input data is copied into application responses without being sanitized...
Your Own Classifieds Cross Site Scripting
Vendor: http://www.yourownclassifieds.com Description: Your own classified software is a script that helps you create your own store. Discovered by: Rafay Baloch Vulnerability: Non persistent XSS The script fails to sanitize the input that is entered into the text box, resulting in an XSS. POC:...
Reflected xss in CloneSessionPost.jspa
In plugin/src/main/resources/templates/excalibur/web/testsessions/test-session-clone.vm on line 2, the 'testSessionId' parameter is extracted from the request parameters and inserted without first html encoding the value into the form element 'action' value. This means that the resource is...
Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource
The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...
Fix XSS vulnerabilities in managereferrers.vm and importword.vm
Scope of this issue is to address two specific XSS vulnerabilities. The scope of fixing i18n parameters is tracked elsewhere (https://jira.atlassian.com/browse/CONF-15548). Please see the comment below for...
Persistent XSS in the removepage.action page through the title of the parent page being deleted
The parent title of a confluence page is not html encoded when displayed in removepage.action this results in a persistent XSS vector. Steps to reproduce: 1. Add a page with a title of "" alert3; 2. from the Add menu select "Add page" so it is a child of the first page 3. save the new page child ...
Zynga Cafeworld Cross Site Scripting
alert"r007k17-w" SUG: HTML encoding, escaping special characters, Input sanitization...
Zynga Vampiresgame Cross Site Scripting
Author: r007k17-w a.k.a Raghavendra Karthik.D Email: [email protected] My blog: http://shadowrootkit.wordpress.com/ Google Dork: Copyright 2010 Zynga Game Network Inc...
Zynga Petville Cross Site Scripting
SUG: HTML encoding, escaping special characters, Input sanitization...
XSS encoding hazard with inline SVG — Mozilla
Security researcher Mario Heiderich reported that HTML-encoded entities were being improperly decoded when displayed inside SVG elements. This could lead to XSS attacks on sites relying on HTML encoding of user-supplied content...
Wiki Web Help 0.2.7 cross site scripting
No description provided by source. Software: Wiki Web Help 0.2.7 Vulnerability: Persistent/Reflected XSS Download: http://sourceforge.net/projects/wwh/ Release Date: 7/1/2010...
Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting
An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure dotDefender is a Web Application Firewall that can be installed on Window...
SpringSource Hyperic HQ Cross Site Scripting
CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities Severity: Moderate Vendor: SpringSource Versions Affected: SpringSource Hyperic HQ 4.2 pre-release versions SpringSource Hyperic HQ 4.1.0 to 4.1.2 SpringSource Hyperic HQ 4.0.0 to 4.0...
XSS vulnerability when moving page between spaces
You can create a space with HTML in the name. In most places this space name is correctly encoded; however, in the tree component given when you choose to move a page, the destination space name is not encoded properly. To reproduce: 1 Create a space called alert"Howdy"; 2 Create a page in another...
The i18n in velocity templates does not auto html encode parameters
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFSERVER-15548). All the getText methods on com.atlassian.confluence.util.i18n.DefaultI18NBean are annotated as HtmlSafe which mean...
The i18n in velocity templates does not auto html encode parameters
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFCLOUD-15548). All the getText methods on com.atlassian.confluence.util.i18n.DefaultI18NBean are annotated as HtmlSafe which means...
Logging event information is not HTML encoded in 500 error page
The Confluence 500 error page lists logging events generated during the request that produced the 500 error page. The strings rendered from this event are not HTML encoded, leaving open a chance for an attacker to exploit this via XSS. I haven't yet investigated to see whether this is actually...
Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
Address Bar Spoofing Attacks against Microsoft Internet Explorer 6 Amit Klein, Trusteer Summary ======= IE6 is the second most popular web browser after IE7, with market share of around 25 according to recent surveys e.g. http://marketshare.hitslink.com/report.aspx?qprid=2. This write-up presents...