
5006 matches found

Hacker One
added 2016/05/26 5:21 p.m. · 22 views

Zendesk: XSS in zendesk.com/product/

Vulnerable URLs: https://www.zendesk.com/product/tour/, https://www.zendesk.com/product/pricing/, or just https://www.zendesk.com/product/. The vulnerable parameter is cvosid1, used in live.js to call Convertro code without sanitizing. This leads to a malformed JavaScript response with XSS...

AI score: 6.6
Exploits: 0
Hacker One
added 2016/05/26 2:22 p.m. · 28 views

drchrono: Template stored XSS

The template field names are not escaped properly, which gives an opportunity to inject HTML tags with JavaScript there. 1. Log into your account. 2. Open the template builder at https://%yourdomain%.drchrono.com/clinical/advancedformbuilder. 3. Create a new template with a field called 4. Save the...

AI score: 6.8
Exploits: 0
CNVD
added 2016/05/21 12:00 a.m. · 2 views

Reflective XSS Vulnerability in EasyCMS Enterprise Marketing Management System Administration Backend

EasyCMS is a web content management system based on a PHP+MySQL architecture. A reflective XSS vulnerability exists in the administration backend of the EasyCMS enterprise marketing management system, which can be exploited by an attacker to submit data containing JS code on the personal information page...

AI score: 6.3
Exploits: 0
Hacker One
added 2016/04/03 9:22 a.m. · 24 views

Uber: Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin

newsroom.uber.com uses a WordPress plugin called Stream to log user activity. In some cases the logged events aren't sanitized properly and can contain HTML tags and JavaScript. An unauthenticated user can produce such a log message to inject JavaScript in the admin panel. When an administrator...

AI score: 6.7
Exploits: 0
CNVD
added 2016/03/21 12:00 a.m. · 1 view

Cross-site Scripting Vulnerability in WPSMAIL Email Client

WPS Mail is mail sending and receiving software developed by Kingsoft Group. There is a cross-site scripting vulnerability in the WPSMAIL email client: JS code added to the content of a sent email triggers a cross-site scripting attack when the email is received...

AI score: 6.4
Exploits: 0
Tenable Nessus
added 2016/02/10 12:00 a.m. · 26 views

FreeBSD : xymon-server -- multiple vulnerabilities (1cecd5e0-c372-11e5-96d6-14dae9d210b8)

J.C. Cleaver reports:
- CVE-2016-2054: Buffer overflow in xymond handling of 'config' command
- CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory
- CVE-2016-2056: Shell command injection in the 'useradm' and 'chpasswd' web applications
- CVE-2016-2057:...

CVSS: 9.8 · AI score: 6.7 · EPSS: 0.67997
Exploits: 7 · References: 7
FreeBSD
added 2016/01/19 12:00 a.m. · 23 views

xymon-server -- multiple vulnerabilities

J.C. Cleaver reports:
- CVE-2016-2054: Buffer overflow in xymond handling of "config" command
- CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory
- CVE-2016-2056: Shell command injection in the "useradm" and "chpasswd" web applications
- CVE-2016-2057: Incorrect...

CVSS: 9.8 · AI score: 1.8 · EPSS: 0.67997
Exploits: 7 · References: 1
0day.today
added 2016/01/15 12:00 a.m. · 7784 views

phpDolphin 2.0.5 - Multiple Vulnerabilities

Exploit for PHP platform in category web applications. Exploit Title: phpDolphin. http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF (Cross-site Request Forgery), which makes it possible to perform any kind of action on a user or admin account. NO FORMS are...

AI score: 7.1
Exploits: 0
Packet Storm
added 2015/11/16 12:00 a.m. · 41 views

Open Source Social Network 3.5 Cross Site Scripting

Security Advisory - Curesec Research Team. 1. Introduction. Affected Product: Open Source Social Network 3.5. Fixed in: 3.6. Fixed Version Link: https://www.opensource-socialnetwork.org/downloads/ ossn-v3.6-1443545762.zip. Vendor Contact: https://www.opensource-socialnetwork.org/contact. Vulnerability...

AI score: 7.4
Exploits: 0
Packet Storm
added 2015/11/07 12:00 a.m. · 36 views

Supercali Event Calendar 1.0.8 Cross Site Scripting

Security Advisory - Curesec Research Team. 1. Introduction. Affected Product: Supercali Event Calendar 1.0.8. Fixed in: not fixed. Fixed Version Link: n/a. Vendor Website: http://supercali.inforest.com/. Vulnerability Type: XSS. Remote Exploitable: Yes. Reported to vendor: 09/01/2015. Disclosed to public:...

Exploits: 0
Packet Storm
added 2015/11/02 12:00 a.m. · 26 views

Accentis Content Resource Management System Cross Site Scripting

Vulnerability type: Stored Cross Site Scripting. Vendor: http://www.accentis.com.au/. Product: Accentis Content Resource Management System. Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan. CVE ID: CVE-2015-3425. PROOF OF CONCEPT: XSS. Accentis Content Resource Management System before October 2015 pat...

CVSS: 5.2 · AI score: 6.4 · EPSS: 0.00313
Exploits: 2
exploitpack
added 2015/10/28 12:00 a.m. · 9 views

Sagem FAST3304-V2 - Authentication Bypass (2)

Sagem FAST3304-V2 - Authentication Bypass 2. Exploit Title: Sagem javascrip...

AI score: 0.3
Exploits: 0
Exploit DB
added 2015/10/28 12:00 a.m. · 66 views

Sagem FAST3304-V2 - Authentication Bypass (2)

Exploit Title: Sagem javascript injection. Date: 27/10/15. Exploit Author:...

AI score: 7.4
Exploits: 0
OpenVAS
added 2015/10/15 12:00 a.m. · 26 views

Mageia: Security Advisory (MGASA-2015-0302)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 7.4 · AI score: 6.8 · EPSS: 0.00347
Exploits: 0 · References: 8
OpenVAS
added 2015/10/06 12:00 a.m. · 28 views

Oracle: Security Advisory (ELSA-2011-0909)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.21101
Exploits: 4 · References: 2
CNVD
added 2015/09/27 12:00 a.m. · 1 view

IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2015-06298)

IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. A cross-site scripting vulnerability exists in IBM OpenPages GRC Platform, which allows remote attackers to exploit the vulnerability to inject malicious scri...

CVSS: 3.5 · AI score: 5.9 · EPSS: 0.00166
Exploits: 0 · References: 1
Exploit DB
added 2015/08/27 12:00 a.m. · 33 views

Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting

Exploit Title: IP.Board 4.X Stored XSS. Date: 27-08-2015. Software Link: https://www.invisionpower.com/. Exploit Author: snop. Contact: http://twitter.com/rabbitzorg. Website: http://rabbitz.org. Category: webapps. 1. Description: A registered or non-registered user can create a calendar event including...

AI score: 7
Exploits: 0
RedHat Linux
added 2015/08/18 6:51 p.m. · 1 view

mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages

A flaw was found in the way the mod_cluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the mod_cluster manager web interface...

CVSS: 4.3 · AI score: 7.4 · EPSS: 0.00322
Exploits: 0 · References: 4
RedHat Linux
added 2015/08/18 6:48 p.m. · 1 view

mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages

A flaw was found in the way the mod_cluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the mod_cluster manager web interface...

CVSS: 4.3 · AI score: 7.4 · EPSS: 0.00322
Exploits: 0 · References: 4
Metasploit
added 2015/08/16 1:02 a.m. · 48 views

Firefox PDF.js Privileged Javascript Injection

This module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability. This module requires Metasploit:...

CVSS: 5 · AI score: 9.7 · EPSS: 0.8537
Exploits: 4