27 matches found
Slack: Stored XSS in username.slack.com
Hi There is a stored XSS in username.slack.com. Steps to reproduce: 1. Login to your Slack 2. Goto "Create Private Group" and with any name and purpose 3. Goto https://manish.slack.com/messages/group/files/ 4. Upload a file hitting upload icon ^ filename shall be ".jpeg 5. After file is uploaded...
Jingdong IM web client file upload cause arbitrary JS execution-vulnerability warning-the black bar safety net
In jingdong online customer service system, customer service end of the page you can perform the client to write any JS code. Process: 1. Customer service access. 2. To upload a picture. 3. Because jingdong to the editor is a contenteditable=true div, so we can be of its contents for editing. 4. ...
EZEIP3. 0 multi-page upload validation vulnerability-vulnerability warning-the black bar safety net
Modify the IE browser security settings, the modulation is the highest, however, prohibit the js execution. 2. Open the Modify upload Type page, add aspx type, click Save, and then open the upload page to upload There is a problem of the upload Type page: http://www.XXX.com/...
EZEIP3. 0 multi-page upload validation vulnerability and fix-vulnerability warning-the black bar safety net
Modify the IE browser security settings, the modulation is the highest, however, prohibit the js execution. 2. Open the Modify upload Type page, add aspx type, click Save, and then open the upload page to upload There is a problem of the upload Type page:...
CentOS Update for thunderbird CESA-2009:1126 centos5 i386
Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2009:1126 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Coldfusion Fusebox V4.1.0 Vulnerability
This was discovered by myself over the weekend. I cant find out what versions of fusebox this vulnerability is in but seeing as it affects the main fusebox page I can only assume it is the latest v4.1.0 and possibly some older versions. According to the Fusebox site, What is Fusebox? Fusebox is a...
CVE-2002-0217
CVE-2002-0217 affects XOOPS 1.0 RC1 — the Private Message System is vulnerable to cross-site scripting via the PM title/field or the image parameter in pmlite.php. The root cause is insufficient input filtering, allowing remote attackers to run Javascript in other users’ browsers. Documented impa...