7 matches found

Huntr
added 2023/03/05 6:38 a.m. | 21 views

Store XSS in Question Tag

Description: Attackers can use this vulnerability to attack users/admins in the community, take over user/admins accounts, etc... Proof of Concept: 1. Register and log in as a user, add new questions and add tags 2. Insert the following payload in the tag description html 3. Post a question 4. When oth...

CVSS 4.9 | AI score 5.5 | EPSS 0.00337
Exploits: 1
Tenable Nessus
added 2020/03/30 12:00 a.m. | 46 views

Fedora 30 : ckeditor (2020-261449d821)

CKEditor 4.14 Security Updates: - CVE-2020-9281 Fixed XSS vulnerability in the HTML data processor reported by Michał Bentkowski of Securitum. Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially...

CVSS 6.1 | AI score 6.5 | EPSS 0.01194
Exploits: 0 | References: 40
seebug.org
added 2015/03/10 12:00 a.m. | 32 views

SDCMS latest portal edition V3.0: a stored XSS that can blindly hit the admin backend

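Brief description: Strictly speaking, this is a stored XSS vulnerability in the editor. Details: Tested on a virtual-host setup. Prerequisites: member registration enabled (enabled by default), article submission feature enabled (enabled by default). Download address: http://www.sdcms.cn/product/portal.html By default, member registration is enabled and requires no review. I originally wanted to test on the demo, but it has review enabled. ---------------------------------------- Register a member account, find online submission, choose the article model, and in the remote upload address field insert: " Submit img...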

AI score 7.1
Exploits: 0
Atlassian
added 2013/09/16 5:41 a.m. | 18 views

Arbitrary file or URL download in ExportWordPageServer

To reproduce: 1. Create a new page. 2. Insert an image with URL: file:///etc/passwd Edit the page, click +, click Image, select the From the Web tab, enter the file: URL shown above, click Insert, click Save. The image appears invisible on some browsers, but you can verify its...

AI score 0.2
Exploits: 0 | Affected Software: 1
Packet Storm
added 2011/08/08 12:00 a.m. | 33 views

Simple Machines Forum 2.0 Session Hijacking

Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a session token in all the requests...

AI score 0.4
Exploits: 0
0day.today
added 2011/08/07 12:00 a.m. | 34 views

Simple Machines forum (SMF) 2.0 session hijacking

Exploit for php platform in category web applications Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csr...

AI score 7.1
Exploits: 0
Atlassian
added 2008/11/07 12:35 a.m. | 13 views

Inserted image filenames are not escaped properly as thumbnails

When you insert an image as a thumbnail into a wiki page, the generated HTML does not properly escape the filename...

AI score 0.5
Exploits: 0