CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to the WYSIWYG editor...
CVE-2017-15719
CVE-2017-15719 describes a Cross-Site Scripting (XSS) flaw in the Wicket jQuery UI WYSIWYG editor. Affected versions are 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier. The issue allows an attacker to submit arbitrary JavaScript code to the WYSIWYG editor, enabling potential exec...
CVE-2017-1000509
Dolibarr 6.0.2 exposes a cross-site scripting (XSS) vulnerability in the Product details component, enabling execution of JavaScript. The issue is publicly documented across multiple feeds; maintainers indicate the fix is in version 7.0.0. No exploitation details are provided in the supplied docu...
Pornhub: Stored XSS (client-side, using cookie poisoning) on pornhubpremium.com
The researcher discovered that a parameter's value was stored in a cookie and that the cookie's value was echoed in certain pages. The researcher was successful in providing an XSS payload as this parameter's value and having it execute. DOM XSS through a cookie. Discovered by manual inspection of JS...
WordPress WP-Contact-Widgets 1.4.1 Cross Site Scripting Vulnerability
WordPress WP-Contact-Widgets plugin version 1.4.1 suffers from a stored cross site scripting vulnerability. Exploit Title: Stored XSS on wp-contact-widgets 1.4.1 wordpress plugin Exploit Author: Boumediene KADDOUR Publisher: R&D Unit Algerie Telecom Version: 1.4.1 Application website:...
WebKit JSC BytecodeGenerator::emitGetByVal Incorrect Optimization
WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal CVE-2017-7061 Let's start with JS code. let o = ; for let i in xx: 0 oi; 0; i-- ForInContext& context = mforInContextStacki - 1.get; if context.local != property continue; if !context.isValid break; if context.type ==...
VMPanel (cybervm) login page username parameter reflected XSS vulnerability
0x01 Vulnerability profile: VMPanel is a powerful web-based VMware ESX/ESXi control panel that lets users remotely create or delete virtual machines. Official website: http://cybervm.com/ The username input box on VMPanel's login page does not filter input strictly, resulting in XSS...
CVE-2016-6842
Open-Xchange OX App Suite prior to 7.8.2-rev8 contains a cross-site scripting issue in which setting a user’s name to JavaScript code causes that code to execute when the victim accesses the user’s shared Templates folder via OX Documents. The attack requires the folder to be shared to the victim...
Open-Xchange App Suite 7.8.2 - Cross-Site Scripting
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 46484 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.2-rev46, 7.6.3-rev1...
Open-Xchange App Suite 7.8.2 - Cross Site Scripting
Exploit for cgi platform in category web applications Product: OX App Suite Vendor: OX Software GmbH Internal reference: 46484 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status:...
WordPress User Submitted Posts 20151113 Cross Site Scripting
Exploit Title: WordPress User Submitted Posts Plugin Persistent XSS Discovery Date: 2016-02-10 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: https://plugin-planet.com/ Software Link: https://wordpress.org/plugins/user-submitted-posts/ Version:...
WordPress SEO Rank Reporter Plugin <= 2.2.2 - Cross Site Scripting (XSS)
Because of this vulnerability, authenticated administrators can inject HTML or JS code. Vulnerable parameters are "keyworditem" and "entryurl". Solution: Update the plugin...
WordPress My Link Order Plugin <= 4.3 - Cross Site Scripting (XSS)
Because of this XSS vulnerability, authenticated users can inject HTML or JS code. Vulnerable parameters are "cats" and "hdnCatID". Solution: Update the plugin...
Updated uglify-js packages fix security vulnerability
The UglifyJS node module has a problem where the combination of De Morgan's Law and non-boolean values can lead to a case where code is incorrectly minified, which can lead to possibly malicious minified JS code...
WordPress Contact Form Generator <= 2.0.1 - Multiple CSRF Vulnerabilities
Exploit for php platform in category web applications Live Demos. It is packed with a Template Creator Wizard to create fantastic forms in a matter of seconds without coding. copy of `contactformgenerator.php` file =================== TECHNICAL DETAILS =================== A CSRF issue was found i...
WordPress Social Locker Plugin <= 4.2.0 - Reflected Cross Site Scripting
Because of this vulnerability, authenticated administrators can inject HTML or JS code. Solution: Update the plugin...
WordPress Social Bookmarking Light Plugin <= 1.7.9 - Cross Site Scripting
Because of this vulnerability, authenticated administrators can store HTML or JS code. Solution: Update the plugin...
WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting
Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link:...