890 matches found

Hacker One
added 2017/05/20 5:20 p.m., 20 views

Concrete CMS: Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ]

Intro Luke, I am your Crayons! Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.1.0 Summary There is a Stored XSS vulnerability in the Headline element of the TextControl Express element. This vulnerability allows a malicious user to embed JavaScript code and execu...

6.5 AI score
Exploits: 0
Hacker One
added 2017/01/24 7:48 a.m., 54 views

GitLab: [RDoc] XSS in project README files

Hi, While experimenting with parser bypass techniques, I discovered that RDoc markup could be used to inject a stored JavaScript payload into a project README.rdoc file. Please note that this issue is separate to my earlier report 200565 XSS with AsciiDoc markup, marked as duplicate. Steps to...

6.5 AI score
Exploits: 0
Packet Storm
added 2016/11/20 12:0 a.m., 44 views

WordPress Canvas - Shortcodes 1.92 Cross Site Scripting

------------------------------------------------------------------------ Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...

0.3 AI score
Exploits: 0
Hacker One
added 2016/11/14 9:7 p.m., 39 views

PortSwigger Web Security: XSS in IE11 on portswigger.net via Flash

Hello Portswigger Security Team, There is a reflective XSS vulnerability in portswigger.net. The flash file https://portswigger.net/burp/tutorials/video-js/video-js.swf is from an old video.js library version 3.2.0 which is vulnerable to XSS. This XSS will be blocked by CSP instruction object-src...

0.4 AI score
Exploits: 0
RedHat Linux
added 2016/10/17 8:42 a.m., 3 views

chromium-browser: universal xss in bookmarks

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages, as demonstrated by an interpretation confli...

6.1 CVSS, 7.5 AI score, 0.0174 EPSS
Exploits: 0, References: 5
Hacker One
added 2016/04/22 5:38 p.m., 22 views

Concrete CMS: ProBlog 2.6.6 CSRF Exploit

Report Because the ProBlogs plugin did not validate the anti-csrf token on a POST request. A victim who is logged in could be fooled into clicking a malicious form styled to look like a link, image, etc which would create a page in their C5 website. Because the ProBlogs plugin does not validate t...

6.5 AI score
Exploits: 0
Packet Storm
added 2016/04/18 12:0 a.m., 21 views

WordPress Kento Post View Counter 2.8 CSRF / Cross Site Scripting

I would like to disclose a CSRF and stored XSS vulnerability in Kento post view counter plugin version 2.8. The vulnerable Fields for XSS are kentopvcnumberslang kentopvctodaytext kentopvctotaltext The combination of CSRF and XSS in this plugin can lead to huge damage of the website, as the two...

Exploits: 0
Hacker One
added 2016/03/31 3:45 p.m., 31 views

X (Formerly Twitter): XSS using javascript:alert(8007)

I want to report an XSS bug. On apps.twitter.com I logged in and started with a new app. In the new app there is a field: website: where the user has to give the website of the app. I just put javascript:alert8007 payload and popup appears...

6.7 AI score
Exploits: 0
Source Incite
added 2016/02/25 12:0 a.m., 20 views

SRC-2016-0002 : ATutor LMS Multiple Reflected Cross Site Scripting Vulnerabilities

Vulnerability Details: A total of 704 reflected Cross Site Scripting XSS vulnerabilities were found that can allow remote attackers to inject arbitrary web script or html via unspecified parameters against vulnerable installations of ATutor. User interaction is required to exploit this...

7.1 AI score
Exploits: 0
wpexploit
added 2015/07/27 12:0 a.m., 11 views

Hide My WP <= 4.51.1 - Stored Cross-Site Scripting (XSS)

An attacker can make a fake attack attempt, with a JavaScripting payload, which will be logged by the plugin, resulting in XSS. The attacker also can spoof their IP address in the logs by setting the X-FORWARDED-FOR header. curl --referer ' // :; ;' --header 'X-FORWARDED-FOR: 8.8.8.8'...

0.1 AI score
Exploits: 0, References: 1
Packet Storm
added 2015/05/03 12:0 a.m., 57 views

Epicor Retail Store Help System 3.2.03.01.008 Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Code Injection in Epicor Retail Store Help System CVE: CVE-2015-2210 Vendor: Epicor Product: CRS Retail Store v3.2.03.01.008 Affected version: 3.2.03.01.008 Reported by: Zeng Xianbo Joseph [email protected] Issue identified by: Zeng...

7.7 AI score, 0.00632 EPSS
Exploits: 1
Atlassian
added 2014/08/06 11:30 p.m., 20 views

Stored XSS Vulnerability found on Atlassian

Hi! My name is Andi Rrahmani and I am an Independent Security Researcher. I am writing this email to let you know of a Stored XSS Vulnerability that I found on atlassian.com. You will have the POC as an attachment to this report that I am making. Now I will show you in details how I managed to...

5.9 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2014/08/06 11:30 p.m., 20 views

Stored XSS Vulnerability found on Atlassian

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-47027. Hi! I am writing this email to let you know of a Stored XSS Vulnerability that I found on atlassian.com. You will...

5.9 AI score
Exploits: 0, Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 27 views

WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability

No description provided by source. !/usr/bin/ruby Exploit Title: WordPress Count per Day 3.2.5 CSRF Google Dork: inurl:/wp-content/plugins/count-per-day Date: 18.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 32 views

Wordpress Zingiri Web Shop Plugin <= 2.4.2 Persistent XSS

No description provided by source. Wordpress Zingiri Web Shop Plugin = 2.4.2 Stored XSS Exploit Title: Wordpress Zingiri Web Shop Plugin = 2.4.0 Stored XSS Google Dork: Date: 30 Apr 2012 Author: Mehmet Ince Twitter: https://twitter.com/!/mmetince Company: Bilgi Guvenligi Akademisi www.bga.com.tr...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

businesswiki 2.5rc3 - Stored XSS & arbitrary file upload

No description provided by source. !/usr/bin/python ''' Exploit Title: Stored XSS & Arbitrary File Upload Vulnerabilities in BusinessWiki. Date: 23/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://onbusinesswiki.com/ Software Link:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 24 views

XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities

No description provided by source. Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz:...

7.1 AI score
Exploits: 0
securityvulns
added 2014/04/07 12:0 a.m., 99 views

ASUS router drive-by code execution via XSS and authentication bypass

ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...

0.2 AI score, 0.00739 EPSS
Exploits: 2
Packet Storm
added 2014/02/22 12:0 a.m., 113 views

ASUS Router Authentication Bypass / Cross Site Scripting

ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...

0.4 AI score, 0.00739 EPSS
Exploits: 2
The Hacker News
added 2013/10/04 7:7 a.m., 10 views

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by "The Hole Seekers" and selling 150,000 emails and hashed passwords stolen from...

6.8 AI score
Exploits: 0