CVE-2018-17195

The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle MiTM attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...

concejo-chinchina-caldas.gov.co XSS vulnerability

Open Bug Bounty ID: OBB-245522 Description| Value ---|--- Affected Website:| concejo-chinchina-caldas.gov.co Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

nibdab.org XSS vulnerability

Vulnerable URL: http://www.nibdab.org/db/s?query=%22%3E%3Cscript%3Eprompt%2Fopenbugbounty%2F%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...

bordeaux.aeroport.fr XSS vulnerability

Vulnerable URL: http://www.bordeaux.aeroport.fr/fr/search/node/%22%3E%3Cscript%3Ealert'OPENBUGBOUNTY'%3C/script%3E%3C%22 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 219415 VIP...

goldfair.se XSS vulnerability

Vulnerable URL: http://goldfair.se/"';-- Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 09:40 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 2 VIP website status:| N...