14 matches found
tesionline.it XSS vulnerability
Open Bug Bounty ID: OBB-527799

Description| Value
---|---
Affected Website:| tesionline.it
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard:| Coordinated Disclosure based...
apps.itsc.cuhk.edu.hk XSS vulnerability
Open Bug Bounty ID: OBB-303429

Description| Value
---|---
Affected Website:| apps.itsc.cuhk.edu.hk
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
knoxrod.org XSS vulnerability
Vulnerable URL: https://www.knoxrod.org/recordings/logon.asp?RedirURL=1/-///'/"//--...
suport.gencat.cat XSS vulnerability
Vulnerable URL: http://suport.gencat.cat/framedesk/logon.asp?URL=%22%3E%3Cimg%20src=x%20onerror=confirm%22XSS%22%3E%3C/

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 31.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...
Shopping Tree Cross Site Scripting
Exploit Title: Shopping Tree Cross Site Scripting
Google Dork: "Shopping Tree, Inc"
Date: 14/08/2012
Author: IranianDarkCodersTeam
Discovered By: Nafsh
Site: http://idc-team.net/
Software Link: http://www.shoppingtree.com
Bug: /logon.asp?msg=
Xss Example :...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2007-5629
CVE-2007-5629 describes a cross-site scripting (XSS) vulnerability in ShoppingTree CandyPress Store 4.1, specifically in admin/logon.asp, where an attacker can inject arbitrary script/HTML via the msg parameter. The entry notes this as a different vector than CVE-2007-2804. The connected document...
SQL injection
SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter...
CVE-2006-2258
Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter...
CVE-2006-2259
SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter...
CVE-2006-2259
This CVE (CVE-2006-2259) is a SQL injection vulnerability in Logon.asp of MaxxSchedule 1.0, exploitable via the txtLogon parameter to execute arbitrary SQL commands. The NVD entry specifies a base score of 7.5 (HIGH) with network attack vector and low attack complexity, indicating remote exposure...
CVE-2006-2258
The CVE-2006-2258 entry describes a Cross-site scripting (XSS) vulnerability in Logon.asp of MaxxSchedule 1.0, exploitable via the Error parameter to inject arbitrary script/HTML. The issue affects the Logon.asp component of MaxxSchedule 1.0 and arises from improper handling of the Error paramete...
CVE-2006-2258
Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter...