5123 matches found
Cross site scripting
COYO 9.0.8, 10.0.11 and 12.0.4 have cross-site scripting (XSS) via URLs used by "iFrame" widgets...
CVE-2018-16519
COYO 9.0.8, 10.0.11 and 12.0.4 have cross-site scripting (XSS) via URLs used by "iFrame" widgets...
ICE HRM 23.0 SQL / Iframe Injection
Exploit Title: ICE HRM - aoba SQL Inj. Dork: N/A Date: 14-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://icehrm.org Software Link: https://sourceforge.net/projects/icehrm/ Version: v23.0...
CVE-2019-9558
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe...
Cross site scripting
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe...
Cross site scripting
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe...
Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack
A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-05299)
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, developed by the WUZHI (five fingers) company. WUZHI CMS version 4.1.0 has a cross-site scripting vulnerability; remote attackers can exploit it through the 'setiframe' parameter of the /index.php?m=message&f=message&v=add URL to inject...
Microsoft Lync For Mac 2011 Injection
Exploit Title: Microsoft Lync for Mac 2011 Injection Forced Browsing/Download Author: @nyxgeek - TrustedSec Date: 2018-03-20 Vendor Homepage: microsoft.com Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=36517 CVE: CVE-2018-8474 Version: Lync:Mac 2011 14.4.3, likely earlie...
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Exploit Title: Microsoft Lync for Mac 2011 Injection Forced Browsing/Download Author: @nyxgeek - TrustedSec Date: 2018-03-20 Vendor Homepage: microsoft.com Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=36517 CVE: CVE-2018-8474 Version: Lync:Mac 2011 14.4.3, likely earlie...
XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an...
CVE-2018-17472
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page...
UBUNTU-CVE-2018-17472
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page...
CVE-2018-17472
Removed by vendor...
Another Facebook Bug Could Have Exposed Your Private Information
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk. Discovered by cybersecurity researchers...
GitLab: Instant open redirect on Live preview WEB Ide opening
Hello Gitlab team! Asset is my own gitlab installation for Ubuntu. The issue I want to report is the lack of a sandbox attribute in the iframe pointing to codesandbox. This results in content inside the iframe redirecting the top-level window on load. How to reproduce: 1. Create index.js with the following content:...
xhEditor Cross-Site Scripting Vulnerability
xhEditor is an online visual HTML editor based on jQuery. A cross-site scripting vulnerability exists in xhEditor version 1.2.2. A remote attacker can exploit this vulnerability to execute arbitrary code or HTML with the help of JavaScript code in the SRC attribute of the IFRAME...