Stored Cross Site Scripting (XSS) via "properties" during creating new users

Description From demo url login click people icon at the left bar click "Customers" Click "New Customer" button from page Fill up the "Edit" tab Click "Save" button above Click "Properties" tab From "Add a custom Property" field , add "Test" on the first field Click and select "text" on the secon...

Stored XSS in Project Name

Description The application Titra is vulnerable to Stored XSS in Project name field. Steps To Reproduce 1. Click on Edit button 2. Under the Project Name enter the paylaod " 3. Click on save. 4. Now navigate to details the XSS will be triggered. Image PoC...

Path Traversal via Files Manager

Description Please enter a description of the vulnerability. Steps to reproduce 1.Login to admin panel and go to Modules - Files http://localhost/microweber/admin/view:modules/loadmodule:files 2.Click any file, the url will have the following format:...

Cross-site Scripting (XSS)

Proof of Concept Steps to reproduce: Naviagate the below URL URL: https://demo.contao.org/contao/" Here Some Image POC Attached...

WordPress Gallery Master 1.0.22 Cross Site Scripting

Exploit : For Exploiting This Vulnerability Install Testimonial Slider Plugin Then Create New SGallery In Gallery Title Input And Gallery Description Place Your JavaScript Code After Creating Gallery JavaScript Code Will Be Executed . Plugin Is Accessable By Authors , Administartors , Editors...