CVE-2021-42838 Grand Vice info Co. webopac7 - Reflected XSS

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...

CVE-2021-41565

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks...

Cross site scripting

The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

CVE-2021-41567 Tad Uploader - Stored XSS

The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

CVE-2020-35740

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks...

Hardcoded credentials

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks...

WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link:...

Google Chrome 31.0 Webkit Auditor Bypass

Title: Chrome 31.0 Webkit XSS Auditor Bypass Product: Google Chrome Author: Rafay Baloch @rafaybaloch And PEPE Vila ============ Description ============ Chrome XSS Auditor is a client side XSS filter used by google chrome to protect against XSS attacks. Chrome XSS filter has already been beaten ...

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...