18 matches found

Zero Day Initiative
added 2025/12/10 12:0 a.m., 2 views

(0Day) Microsoft SharePoint Calendar Overlay Hyperlink Injection Vulnerability

This vulnerability allows remote attackers to inject unexpected hyperlinks on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.5, AI score 6.8
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2021-6688

Malicious code in bioql PyPI...

CVSS 4.1, AI score 5, EPSS 0.00385
Exploits: 0, References: 1
Huntr
added 2023/01/12 2:55 p.m., 15 views

Stored XSS in Your Answer

Description Evil users can attack other users or administrator users through this vulnerability, causing other users/administrator user accounts to be taken over Proof of Concept step1. Insert xss payload in the hyperlink of the question answer javaScript:alertlocalStorage.getItem'alui' step2. An...

CVSS 6, AI score 8.5, EPSS 0.00448
Exploits: 1
CNNVD
added 2022/12/27 12:0 a.m., 1 views

Rdiffweb Input Validation Error Vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. An input validation error vulnerability exists in Rdiffweb versions prior to 2.5.5, which originates from a hyperlink injection via a...

CVSS 6.1, AI score 6.1, EPSS 0.00136
Exploits: 1, References: 3
CNNVD
added 2022/12/27 12:0 a.m., 1 views

Rdiffweb Security Vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.5, which stems from a lack of character cleanup in SSH key names...

CVSS 6.6, AI score 6.2, EPSS 0.00339
Exploits: 1, References: 3
Huntr
added 2022/12/20 3:46 p.m., 12 views

Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection

Description Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/sshkeys 2 Add SSH key 3 Enter the name evil.com ...

CVSS 5.8, AI score 1.6, EPSS 0.00339
Exploits: 1
Huntr
added 2022/12/20 3:38 p.m., 22 views

Hyperlink injection through access token name

Description Hyperlink injection is when an attacker injects a malicious link when sending an email invitation. Hyperlink injection in the email can lead to phishing via email directly to users. Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/tokens 2 Create a new access token...

CVSS 5.8, AI score 0.9, EPSS 0.00136
Exploits: 1
CNVD
added 2022/10/12 12:0 a.m., 15 views

Patrik Dufresne Rdiffweb user redirection vulnerability

Patrik Dufresne Rdiffweb is a web application from the personal developer Patrik Dufresne, USA. Patrik Dufresne Rdiffweb is vulnerable to a user redirection vulnerability, which stems from the fact that the system does not handle target bounces properly and can be exploited to inject malicious...

CVSS 6.1, AI score 2.1, EPSS 0.00314
Exploits: 1, References: 1
CNNVD
added 2022/10/10 12:0 a.m., 3 views

Rdiffweb Input Validation Error Vulnerability

Patrik Dufresne Rdiffweb is a web application from the personal developer Patrik Dufresne, USA. Patrik Dufresne Rdiffweb is vulnerable to a user redirection vulnerability, which stems from the fact that the system does not handle target bounces properly and can be exploited to inject malicious...

CVSS 6.1, AI score 6.9, EPSS 0.00314
Exploits: 1, References: 3
Huntr
added 2022/09/29 6:15 p.m., 10 views

Hyperlink injection leads to redirect victim to malicious website

Description Hyperlink injection is when an attacker injects a malicious link when sending an email invitation Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/general 2 Set your full name as "Your account has been hacked please visit evil.com" 3 Save changes 4 Perform any activi...

CVSS 5.8, AI score 1.1, EPSS 0.00314
Exploits: 1, References: 2
Huntr
added 2022/05/07 8:49 a.m., 17 views

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File

Description Formula Injection/CSV Injection in "For what?" , "For whom?" & "How much?" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1.Visit https://ihatemoney.org/ and start your demo application then click on add new bill at the top right. In the field of "wha...

AI score 7.4, EPSS 0.00433
Exploits: 1, References: 2
Vulnrichment
added 2021/02/04 4:35 p.m., 7 views

CVE-2021-1221 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this...

CVSS 4.1, AI score 6.8, EPSS 0.00385
Exploits: 0, References: 1
Hacker One
added 2020/04/08 5:57 p.m., 162 views

Helium: Hyperlink Injection on Email Invitation

DESCRIPTION Found a hyperlink injection of the name of Organization when the attacker invites the victim to his organization with injection hyperlink. STEPS 1. Add organization with the name of https://attacker.com and switch it. 2. Go to user and invite the victim using email. 3. victim will se...

AI score 0.9
Exploits: 0
Tenable Nessus
added 2019/02/01 12:0 a.m., 58 views

FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)

Gitlab reports : Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persiste...

CVSS 9.8, AI score 6.5, EPSS 0.202
Exploits: 17, References: 26
Hacker One
added 2016/11/14 6:23 a.m., 50 views

Pushwoosh: Spoof Email with Hyperlink Injection via Invites functionality

Email Spoofing via hyperlink injection. Design Issue, Missing Best Practice, Low severity...

AI score 2.9
Exploits: 0
Hacker One
added 2016/10/18 11:10 a.m., 17 views

New Relic: Hyperlink Injection on adding active users

@japz discovered an issue with how some email clients render text. This issue was determined to be very low or no risk and was subsequently removed from our program's scope...

AI score 2.4
Exploits: 0
Hacker One
added 2016/08/31 8:8 p.m., 307 views

Algolia: Hyperlink Injection in Friend Invitation Emails

Description A user can change their last name to a URL in order to send email invitations containing malicious hyperlinks. Steps to Reproduce 1. Create a new Algolia account with the last name http://example.com. 2. Navigate to My Account Referral 3. Send an invitation to an email address that y...

AI score 1
Exploits: 0
Hacker One
added 2016/08/11 7:23 p.m., 146 views

Instacart: Hyperlink Injection in Friend Invitation Emails

Description A user can change their name to a URL in order to send email invitations containing malicious hyperlinks. Steps to Reproduce 1. Create a new Instacart account with the first name http://example.com 2. Navigate to https://www.instacart.com/store/referrals 3. Send an email invitation to...

AI score 0.6
Exploits: 0