WordPress plugin 'FormCraft' cross-site request forgery vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin 'FormCraft'. If a user logs into the WordPress admi...

WordPress plugin "FormCraft" vulnerable to cross-site request forgery

Overview The WordPress plugin "FormCraft" provided by nCrafts contains a cross-site request forgery vulnerability CWE-352. Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

X (Formerly Twitter): Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect

Summary: com.twitter.android.lite.TwitterLiteActivity is set to exported and doesn't validate data pass to intent due to which this activity vulnerable to steal users local files, javascript injection and open redirect. Description: com.twitter.android.lite.TwitterLiteActivity is set to exported ...

The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system allows a intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Golden VM component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected data...

The vulnerability of the Snort Rules configuration component of the Juniper ATP intrusion prevention system allows a perpetrator to inject arbitrary JavaScript code into the uploaded page and gain access to the protected data.

The vulnerability of the Snort Rules configuration component of the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to...

The vulnerability of the RADIUS configuration menu component of the Juniper ATP intrusion prevention system allows a intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the RADIUS configuration menu of the Juniper ATP intrusion prevention system is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected...

The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system allows a intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the loaded page and gain access to protected da...

The vulnerability of the Email Collectors component in the Juniper ATP intrusion prevention system allows a intruder to inject any arbitrary JavaScript code into the uploaded page and gain access to protected data.

The vulnerability of the Email Collectors component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected da...

The vulnerability of the file upload menu component in the Juniper ATP intrusion prevention system allows a intruder to inject any desired JavaScript code into the uploaded page and gain access to protected data.

The vulnerability of the file upload menu component in the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the uploaded page and gain access to protected da...

The vulnerability of the Cisco Prime Network lifecycle management software allows a hacker to inject any HTML or JavaScript code into the loaded page.

The vulnerability of the Cisco Prime Network lifecycle management software is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to inject arbitrary HTML or JavaScript code into the uploaded page through a specially crafted link...

The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to inject arbitrary JavaScript code into the loaded page and gain access to protected data.

The vulnerability of the Cisco Identity Services Engine web interface relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the loaded page and gain access to protected data by redirecting users to a...

Zuz Music 2.1 - zuzconsole___contact Persistent Cross-Site Scripting

Zuz Music 2.1 - zuzconsolecontact Persistent Cross-Site Scripting Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Google Dork: N/A Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...

The vulnerability in the web interface of the operating system PAN-OS allows a hacker to inject any desired JavaScript or HTML code into the web page that is being uploaded.

The vulnerability of the PAN-OS operating system’s web interface exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

The vulnerability of the PAN-OS operating system arises from insufficient protection of the web page structure, allowing attackers to inject any desired JavaScript or HTML code into the loaded web page.

The vulnerability of the PAN-OS operating system exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

CVE-2018-20232

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the rendering of retrieved content from a url location that could be...

Stored Cross-Site Scripting Vulnerability in the Daimi CMS da***.me***.php File (CNVD-2019-06660)

DAMI CMS is a PC building station and cell phone building station integrated all-in-one system. A stored cross-site scripting vulnerability exists in the dam.mem.php file of the Dami CMS. An attacker can insert malicious js code into the page to obtain user cookies and other information, leading ...

TAU Threat Intelligence Notification – Fake Movie File Attack Targeting Cryptocurrency

A malicious Windows shortcut file is posing as a movie available on a torrent site - its payload is used to conduct web-injection, ultimately targeting victim’s web searches in browsers like Chrome, Firefox and Internet Explorer. The payload has the ability to search for and steal cryptocurrency...

Cross site scripting

OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting XSS vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result...

Zimbra Collaboration Cross Site Scripting

CVE-2018-14013 Reflected Cross-Site Scripting XSS vulnerabilities in Zimbra Collaboration Description Two XSS vulnerabilities have been discovered in Zimbra Collaboration initially in version 8.8.8. Zimbra Collaboration is an open source messaging and collaboration solution. Vulnerability records...

CVE-2019-7250

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc.. Since this code...