9 matches found
Gnuboard 5 - Cross-Site Scripting
Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter. id: CVE-2021-3831 info: name: Gnuboard 5 - Cross-Site Scripting author: arafatansari severity: medium description: | Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter...
Exploit for Code Injection in Sqlpad
CVE-2022-0944 PoC PoC for RCE in SQLPad. This example spawns a...
Scrapy leaks the authorization header on same-domain but cross-origin redirects
Impact Since version 2.11.1, Scrapy drops the Authorization header when a request is redirected to a different domain. However, it keeps the header if the domain remains the same but the scheme http/https or the port change, all scenarios where the header should also be dropped. In the context of...
InstantCMS 2.16.1 Cross Site Scripting
Exploit Title: InstantCMS - Store XSS Application: InstantCMS Version: v2.16.1 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://instantcms.ru/ Software Link: https://instantcms.ru/get Date: 14.09.2023 Author: SoSPiro Tested on: Windows Description I noticed that you filtered the filter...
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.20 or apply this patch manually...
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.20 or apply this patch manually...
Stored xss in showdoc through file upload
Description Hi. This is a bypass to the report in https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf/ . It fails to check for files with the extension .shtml which leads to stored xss Proof of Concept // poc.shtml adsasdadsdsa alert1 Impact Stored Xss...
CVE-2021-43856
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...
CVE-2021-4166
vim is vulnerable to Out-of-bounds Read...