Lucene search

395 matches found

Cvelist
added 2019/10/20 11:44 p.m., 18 views

CVE-2019-10715

There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages...

5.3 AI score, 0.00521 EPSS
Exploits 0, References 2

wpexploit
added 2019/09/16 12:0 a.m., 39 views

InJob < 3.3.8 - Reflected & Persistent XSS

Multiple XSS vulnerabilities have been found in the 'InJob | Multi-purpose for recruitment WordPress Theme' theme v3.3.6. Edit WPScanTeam: September 16th, 2019 - Envato Contacted September 16th, 2019 - v3.3.7 released. XSS still present October 11th, 2019 - Envato contacted again for updates...

Exploits 0, References 1

NVD
added 2019/09/10 12:15 p.m., 16 views

CVE-2017-18601

The examapp plugin 1.0 for WordPress has XSS via exam input text fields...

5.4 CVSS, 5.4 AI score, 0.00658 EPSS
Exploits 2, References 1

Prion
added 2019/09/10 12:15 p.m., 14 views

Design/Logic Flaw

The examapp plugin 1.0 for WordPress has XSS via exam input text fields...

3.5 CVSS, 5.3 AI score, 0.00658 EPSS
Exploits 2, References 1, Affected Software 1

Cvelist
added 2019/09/10 11:4 a.m., 17 views

CVE-2017-18601

The examapp plugin 1.0 for WordPress has XSS via exam input text fields...

5.4 AI score, 0.00658 EPSS
Exploits 2, References 1

WPVulnDB
added 2019/09/08 12:0 a.m., 10 views

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

6.2 AI score
Exploits 0, References 1, Affected Software 1

wpexploit
added 2019/09/08 12:0 a.m., 27 views

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

6.5 AI score
Exploits 0, References 1

exploitpack
added 2019/08/19 12:0 a.m., 13 views

Neo Billing 3.5 - Persistent Cross-Site Scripting

Neo Billing 3.5 - Persistent Cross-Site Scripting Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-7...

6.8 AI score
Exploits 0

exploitpack
added 2019/04/26 12:0 a.m., 23 views

Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting

Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE...

4.3 CVSS, 6.1 AI score, 0.20649 EPSS
Exploits 5

0day.today
added 2019/04/26 12:0 a.m., 62 views

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version:...

6.4 AI score, 0.20649 EPSS
Exploits 5

Packet Storm
added 2019/04/26 12:0 a.m., 38 views

Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting

Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...

6.3 AI score, 0.20649 EPSS
Exploits 5

Exploit DB
added 2019/04/26 12:0 a.m., 378 views

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting

Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...

6.1 CVSS, 6.3 AI score, 0.20649 EPSS
Exploits 5

NVD
added 2019/04/25 8:29 p.m., 23 views

CVE-2018-16220

Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

6.1 CVSS, 6.1 AI score, 0.00802 EPSS
Exploits 0, References 1

Cvelist
added 2019/04/25 7:57 p.m., 26 views

CVE-2018-16220

Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

6.2 AI score, 0.00802 EPSS
Exploits 0, References 1

exploitpack
added 2019/01/14 12:0 a.m., 39 views

Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection

Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open...

7.5 CVSS, 1.1 AI score, 0.03903 EPSS
Exploits 5

OSV
added 2018/08/09 7:29 p.m., 4 views

CVE-2018-15182

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields...

5.4 CVSS, 5.8 AI score, 0.00545 EPSS
Exploits 1, References 1

NVD
added 2018/08/04 1:29 a.m., 21 views

CVE-2018-14541

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields...

5.4 CVSS, 5.3 AI score, 0.00663 EPSS
Exploits 4, References 2

Cvelist
added 2018/08/03 4:0 p.m., 23 views

CVE-2018-14541

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields...

5.3 AI score, 0.00663 EPSS
Exploits 4, References 2

Hacker One
added 2018/07/14 5:7 a.m., 11 views

Imgur: HTML Injection with XSS possible

Hi, I found HTML Injection on imgur.com Description: I couldn't get XSS but I was able to include videos on my profile and also I was able to redirect users to malicious websites POC HTML injection: go to https://12test.imgur.com you don't need to login and you will see external videos and you wi...

0.2 AI score
Exploits 0

IBM Security Bulletins
added 2018/06/17 12:19 p.m., 19 views

Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in Apache MyFaces

Summary Content Collector for Email has addressed following vulnerability: Apache MyFaces could allow a remote attacker using specially crafted parameters to inject EL expressions into input fields mapped as view parameters and obtain sensitive information. Vulnerability Details CVEID:...

7.5 CVSS, 0.8 AI score, 0.05334 EPSS
Exploits 1, Affected Software 1