EU Cookie Law <= 3.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Open the setting page of this plugin. 2...

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Open the setting page of this plugin. 2. There...

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. On the setting page of this plugin, enter the...

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. On the setting page of this plugin, enter...

G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting

G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title = Guestbook PHP XSS Vulnerability Author = Valentin Hoebel Contact = [email protected]...

CiviCRM 3.1 &lt; Beta 5 - Multiple Cross-Site Scripting Vulnerabilities

Author: h00die [email protected] & Ch3nz [email protected] Software Link: http://sourceforge.net/projects/civicrm/files/civicrm-latest/3.1.beta1/civicrm-3.1.beta1-standalone.tar.gz/download Version: and from being in the same input box. In several cases it is possible to use multiple input boxes th...

TigerTom Scripts

TigerTom Scripts Homepage: http://www.ttfreeware.co.uk/ Affected files: TTCalc script v1.0 --------------------------- Data pased in the "Length of loan, years" and "Length of mortgage, years" input boxes are not sanatized before being generated. For a PoC in the input boxes listed above simply...

boardhost.txt

Boardhost.com Description: Free Msgboard hosting service. Homepage: http://www.Boardhost.com Affected files Input boxes of posting a message Searching for a listing board ------------------------------------------------- XSS vuln with cookie disclosure when posting a msg Tested on boardhost.com's...

blacksingles.txt

Blacksingles.com Homepage: http://www.blacksingles.com Affected files Profile input boxes Add a friend input box. list.html view.html reply.html compose.html ------------------------------------------------- XSS vuln with cookie disclosure via the Location box. User data isn't sanatized before...

chatizens.txt

Chatizens.com Also known as Chattown.com Homepage: http://www.chatizens.com Affected files: Profile input boxes: All input boxes of your profile. Browsing the forums -------------------------------------------- XSS vuln with cookie disclosure via profile input boxes. To bypass chatizens filters o...

Somechess v1.5 rc1 - XSS

Somechess v1.5 rc1 Homepage: http://www.astrodogpress.org/chess/ Affected files: Profile input boxes ----------------------- Upon dumping the sql data into the table if you get errors and it wont create the tables & data like it did to me, then just remove all the " from the sql file. You'll also...

ratescene.txt

Ratescene.co.uk Homepage: http://www.ratescene.co.uk Affected files: input boxes of editing your profile ------------------------------------------------ Profile input boxes XSS vuln with cookie disclosure: Data isn't sanatized, try entering the code below: Screenshots:...

Cybersocieties.txt

Cybersocieties.com Homepage: http://www.cybersocieties.com Effected files: Input boxes in profile: - Full name box - Occupation box - MSN box - Yahoo box - AIM Box Viewing a profile ------------------------------------------------------ XSS vuln via input boxes in profile: No filter evasion is...

43things.txt

43things.com Homepage: http://www.43things.com Affected files: input box "I want to add to my list" posting a comment ---------------------------------------- XSS vuln via input text of the box "I want to" When you add an item thats already on your list. For a PoC we have style tags with broken u...

fxAPPXSS.txt

fx-APP Version 0.0.8.1 Homepage: http://fx-app.org/ Effected files: search input box index.cgi input boxes on your profile adding a menu item ------------------------------------------------------- I noticed there was already several BID's on the a script WebAPP:...

asianxoXSS.txt

AsianXO.com Homepage: http://www.asianxo.com/ Effected files: directory.php profiles.php Input boxes of editing profile ---------------------------- XSS Vulnerability via dirid: Directory.php PoC: http://www.axo2.com/directory.php?dirid=1" inaurl injection along with tags, which also reveals some...

mole.com.ua Ticket Booking Script - XSS

Ticket Booking Script Homepage: http://www.mole.com.ua Effected files: input boxes on booking2.php XSS Vulnerabilities: The input boxes on booking2.php do not sanatize userinput before geenrating it and then submitting it to a MySQL db. This can causes XSS examples as well as possible SQL...

E-Dating System from scriptsez.net - XSS

E-Dating System Homepage: http://www.scriptsez.net/ Effected files: Input boxes. cindex.php Description: A Professional dating system that uses flatfiles instead of MySQL. XSS Vulnerabilities PoC: The input boxes of sending a message, and editing your profile do not properally filter user input...