395 matches found
Cross site scripting
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation...
Multiple Stored XSS
Description: The organizr application allows malicious JavaScript payloads in multiple input fields like "Categories", "Bookmark Tabs" and "Bookmark Categories", through which an attacker can take over the admin account. Proof of Concept: 1. Log in to the co-admin account and go to "Settings" - "Tab...
TotoLink A3100R Operating System Command Injection Vulnerability
TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China. TotoLink A3100R version V5.9c.4577 contains an operating system command injection vulnerability that stems from input fields that are not properly filtered and can be exploited by an attacker to cause a command injection...
Stored XSS in "Name", "Group Name" & "Title"
Description: The application allows the img tag and src attribute in the "Name", "Title" & "Group Name" fields, through which attackers can perform stored cross-site scripting. Proof of Concept: 1. Log in to the application and go to profile. 2. Now in the "Name" input field paste the below payload and click on "SAVE...
Integer Overflow or Wraparound
Description: The microweber application allows large characters to be inserted in input fields like "Town, ZIP, State, Address, and Additional Info field", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Proof of Concept: 1. Buy a product and in the Shipping metho...
CVE-2022-23321
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0...
Cross site scripting
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0...
XMPie UStore Cross-Site Scripting Vulnerability
XMPie UStore is a network printing solution from XMPie USA. A security vulnerability exists in the XMPie UStore application that stems from a persistent cross-site scripting (XSS) vulnerability in two input fields in the admin panel when editing a user in the XMPie UStore application, version...
PT-2022-15929 · Xmpie · Xmpie Ustore
Name of the Vulnerable Software and Affected Versions: XMPie UStore version 12.3.7244.0. Description: A persistent cross-site scripting (XSS) issue exists in the administrative panel when editing users, specifically affecting two input fields. Recommendations: For version 12.3.7244.0, consider...
Patient Appointment Scheduler System SQL Injection Vulnerability
Patient Appointment Scheduler System is a patient appointment scheduling system project. It provides an online platform for clinic patients or potential patients to schedule appointments with physicians. Patient Appointment Scheduler System version 1.0 contains a SQL injection vulnerability that...
Apache Pluto Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in the Apache Pluto Applicant MVCBean CDI portlet, which stems from the Apache Pluto Applicant MVCBean CDI runtime environment. The portlet is vulnerable to cross-site scripting (XSS) attacks in the input fields of the JSP version of the portlet. No details o...
Hostel Management System 2.1 - Cross Site Scripting Vulnerability
Exploit Title: Hostel Management System 2.1 - Cross Site Scripting XSS Exploit Author: Chinmay Vishwas Divekar Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Tested on: PopOS20.10 Steps to reproduce ...
Hostel Management System 2.1 - Cross Site Scripting (XSS)
Exploit Title: Hostel Management System 2.1 - Cross Site Scripting XSS Date: 26/12/2021 Exploit Author: Chinmay Vishwas Divekar Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Tested on: PopOS20.10...
Hostel Management System 2.1 Cross Site Scripting
Exploit Title: Hostel Management System 2.1 - Cross Site Scripting XSS Date: 26/12/2021 Exploit Author: Chinmay Vishwas Divekar Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Tested on: PopOS20.10...
CVE-2020-28956
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allow attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...
Cross site scripting
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields...
CVE-2020-23051
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields...