Cross-site Scripting (XSS)
librenms/librenms is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper filtering in the reportthis function in librenms/includes/functions.php, specifically incorrect use of htmlentities in an href context, which allows an attacker to inject malicious script v...
GHSA-4V57-PWVF-X35J Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
ZendServiceReCaptchaMailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially crafted...
phpMyFAQ vulnerable to stored XSS on attachments filename
Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php, leading to execution of JavaScript code on the client side (XSS) Details On that snippet of code rendering the file attachments from user tables id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...
SUSE CVE-2007-5898
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465...
WordPress Plugin Quizlord 2.0 XSS vulnerability reproduction and analysis-vulnerability warning-the black bar safety net
WordPress is a blog platform written in PHP; with a server that supports PHP and a MySQL database, users can set up their own website. WordPress can also be used as a CMS. WordPress vulnerabilities are most often found in its plug-ins. Vulnerability reproduction First build WordPress, my versio...
PHP <= 4.4.4/5.1.6 htmlentities() Local Buffer Overflow PoC
No description provided by source. <?php /* Nick Kezhaya */ /* www.whitepaperclip.com */ //instantiate a string $str1 = ""; for($i=0; $i < 64; $i++) $str1 .= toUTF(977); //MUST start with 977 before bit-shifting htmlentities($str1, ENT_NOQUOTES, "UTF-8"); //DoS here /* htmlentities method automatically assumes it i...
LiveZilla 3.1.8.3 - XSS Vulnerability
No description provided by source. Info: LiveZilla, the Next Generation Live Help / Live Chat and Live Support System connects you to your website visitors. Use LiveZilla to provide Live Chats and monitor your website visitors in real-time. Convert visitors to customers - with LiveZilla! Credits:...
ArrowChat 1.5.61 - Multiple Vulnerabilities
No description provided by source. Exploit Title: ArrowChat <= 1.5.61 Multiple vulnerabilities Date: 01/01/2013 Exploit Author: Kallimero Version: 1.5.61, before, and maybe 1.6 Tested on: Debian Introduction ============ ArrowChat is a chat script which can be integrated into various CMS, as...
MyBB AJAX Chat - Persistent XSS Vulnerability
No description provided by source. Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Version: 1 Tested on: Windows The Persistent XSS vulnerability lies within the...
ArrowChat 1.5.61 Cross Site Scripting / Local File Inclusion
ArrowChat versions 1.5.61 and below suffer from cross site scripting and local file inclusion vulnerabilities. Exploit Title: ArrowChat <= 1.5.61 Multiple vulnerabilities Date: 01/01/2013 Exploit Author: Kallimero Vendor Homepage: http://www.sitexcms.org/ Version: 1.5.61, before, and maybe 1.6...
MyBB AJAX Chat - Persistent Cross-Site Scripting
MyBB AJAX Chat - Persistent Cross-Site Scripting Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Version: 1 Tested on: Windows The Persistent XSS vulnerability li...
MyBB AJAX Chat Persistent XSS Vulnerability
Exploit for php platform in category web applications Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Category: Webapps Version: 1 Tested on: Windows The Persiste...
N`CMS 1.1E - Local File Inclusion / Remote Code
#!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...
PHP htmlentities() and htmlspecialchars() Function Interruption Handling Address Information Disclosure Vulnerability
CVE ID: CVE-2010-2100 PHP is a widely used general-purpose scripting language, particularly suited to web development, that can be embedded in HTML. An information disclosure vulnerability exists in PHP's htmlentities and htmlspecialchars functions: static void php_html_entities(INTERNAL_FUNCTION_PARAMETERS, int all) { char *str, *hint_charset = NULL; int str_len, hint_charset_len = 0; int len; long quote_style = ENT_COMPAT; char *replaced; zend_bool...
LiveZilla v3.1.8.3 XSS Vulnerability
Exploit for unknown platform in category web applications ==================================== LiveZilla v3.1.8.3 XSS Vulnerability ==================================== Info: LiveZilla, the Next Generation Live Help / Live Chat and Live Support System connects you to your website visitors. Use...
PHP 5.2.0 HTMLEntities Function Buffer Overflow
No description provided by source...
Joomla YOOOtheme Cross Site Scripting
andresg888 Exploit Title : Joomla ytcolor YOOOtheme xss, cookie stealing Date : 2009-12-04 Author : andresg888 Software Link : http://www.yootheme.com/ Contact : andresg8884tgmaildotcom Web: : www.ilegalintrusion.net & www.bl4ck-p0rtal.org Dork : No DoRk f0R ScRipT KiDDieS The...
Joomla yt_color YOOOtheme XSS and Cookie Stealing
Exploit for unknown platform in category web applications ================================================= Joomla ytcolor YOOOtheme XSS and Cookie Stealing ================================================= The GET variable ytcolor can be set to any script Example 1:...