22 matches found

wpexploit
added 2022/12/27 12:0 a.m. | 436 views

EU Cookie Law <= 3.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

CVSS 4.8 | AI score 4.7 | EPSS 0.00226
Exploits: 2

wpexploit
added 2022/11/21 12:0 a.m. | 184 views

Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Enter the setting page of this plugin. 2. In t...

CVSS 4.8 | AI score 4.7 | EPSS 0.00207
Exploits: 2

wpexploit
added 2022/11/03 12:0 a.m. | 98 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. On the setting page of this plugin, enter the...

CVSS 4.8 | AI score 0.6 | EPSS 0.00438
Exploits: 2

WPVulnDB
added 2022/11/03 12:0 a.m. | 10 views

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. Open the setting page of this plugin. 2...

CVSS 4.8 | AI score 0.5 | EPSS 0.00218
Exploits: 2 | Affected Software: 1

wpexploit
added 2022/11/03 12:0 a.m. | 80 views

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Open the setting page of this plugin. 2. There...

CVSS 4.8 | AI score 4.7 | EPSS 0.00218
Exploits: 2

WPVulnDB
added 2022/11/03 12:0 a.m. | 18 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. On the setting page of this plugin, enter...

CVSS 4.8 | AI score 2.2 | EPSS 0.00438
Exploits: 2 | Affected Software: 1

exploitpack
added 2010/04/24 12:0 a.m. | 36 views

G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting

G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting. 0x1 General Information: Advisory/Exploit Title = Guestbook PHP XSS Vulnerability, Author = Valentin Hoebel, Contact = [email protected]...

AI score 0.4
Exploits: 0

Exploit DB
added 2010/01/13 12:0 a.m. | 23 views

CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities

Author: h00die [email protected] & Ch3nz [email protected] Software Link: http://sourceforge.net/projects/civicrm/files/civicrm-latest/3.1.beta1/civicrm-3.1.beta1-standalone.tar.gz/download Version: and from being in the same input box. In several cases it is possible to use multiple input boxes th...

AI score 7.4
Exploits: 0

securityvulns
added 2006/07/06 12:0 a.m. | 27 views

TigerTom Scripts

TigerTom Scripts Homepage: http://www.ttfreeware.co.uk/ Affected files: TTCalc script v1.0. Data passed in the "Length of loan, years" and "Length of mortgage, years" input boxes are not sanitized before being generated. For a PoC in the input boxes listed above simply...

AI score 1.1
Exploits: 0

Packet Storm
added 2006/06/26 12:0 a.m. | 24 views

blacksingles.txt

Blacksingles.com Homepage: http://www.blacksingles.com Affected files: Profile input boxes; Add a friend input box; list.html; view.html; reply.html; compose.html. XSS vuln with cookie disclosure via the Location box. User data isn't sanitized before...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/06/26 12:0 a.m. | 18 views

boardhost.txt

Boardhost.com Description: Free Msgboard hosting service. Homepage: http://www.Boardhost.com Affected files: Input boxes of posting a message; Searching for a listing board. XSS vuln with cookie disclosure when posting a msg. Tested on boardhost.com's...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/06/26 12:0 a.m. | 32 views

chatizens.txt

Chatizens.com, also known as Chattown.com. Homepage: http://www.chatizens.com Affected files: Profile input boxes: All input boxes of your profile. Browsing the forums. XSS vuln with cookie disclosure via profile input boxes. To bypass chatizens filters o...

AI score 7.4
Exploits: 0

securityvulns
added 2006/06/22 12:0 a.m. | 33 views

Somechess v1.5 rc1 - XSS

Somechess v1.5 rc1 Homepage: http://www.astrodogpress.org/chess/ Affected files: Profile input boxes. Upon dumping the SQL data into the table, if you get errors and it won't create the tables & data like it did to me, then just remove all the " from the SQL file. You'll also...

AI score 7
Exploits: 0

Packet Storm
added 2006/06/21 12:0 a.m. | 18 views

43things.txt

43things.com Homepage: http://www.43things.com Affected files: input box "I want to add to my list"; posting a comment. XSS vuln via input text of the box "I want to" When you add an item that's already on your list. For a PoC we have style tags with broken u...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/06/21 12:0 a.m. | 24 views

ratescene.txt

Ratescene.co.uk Homepage: http://www.ratescene.co.uk Affected files: input boxes of editing your profile. Profile input boxes XSS vuln with cookie disclosure: Data isn't sanitized, try entering the code below: Screenshots:...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/06/21 12:0 a.m. | 33 views

Cybersocieties.txt

Cybersocieties.com Homepage: http://www.cybersocieties.com Affected files: Input boxes in profile: - Full name box - Occupation box - MSN box - Yahoo box - AIM Box; Viewing a profile. XSS vuln via input boxes in profile: No filter evasion is...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/06/12 12:0 a.m. | 26 views

asianxoXSS.txt

AsianXO.com Homepage: http://www.asianxo.com/ Affected files: directory.php; profiles.php; Input boxes of editing profile. XSS Vulnerability via dirid: Directory.php PoC: http://www.axo2.com/directory.php?dirid=1" inaurl injection along with tags, which also reveals some...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/06/12 12:0 a.m. | 20 views

fxAPPXSS.txt

fx-APP Version 0.0.8.1 Homepage: http://fx-app.org/ Affected files: search input box; index.cgi; input boxes on your profile; adding a menu item. I noticed there was already several BID's on the a script WebAPP:...

AI score 7.4
Exploits: 0

securityvulns
added 2006/06/10 12:0 a.m. | 30 views

mole.com.ua Ticket Booking Script - XSS

Ticket Booking Script Homepage: http://www.mole.com.ua Affected files: input boxes on booking2.php. XSS Vulnerabilities: The input boxes on booking2.php do not sanitize user input before generating it and then submitting it to a MySQL db. This can cause XSS examples as well as possible SQL...

AI score 0.3
Exploits: 0

securityvulns
added 2006/06/09 12:0 a.m. | 24 views

E-Dating System from scriptsez.net - XSS

E-Dating System Homepage: http://www.scriptsez.net/ Affected files: Input boxes; cindex.php. Description: A Professional dating system that uses flatfiles instead of MySQL. XSS Vulnerabilities PoC: The input boxes of sending a message, and editing your profile do not properly filter user input...

AI score 6
Exploits: 0