8 matches found
bitcoinaliens.com XSS vulnerability
Vulnerable URL: http://www.bitcoinaliens.com/faucet/vendor/phenx/php-font-lib/www/makesubset.php?fontfile=../fonts/indml1001.ttf=/%27%22--!%3E%20%3Cimg%20src=x%20onerror=alert%22OPENBUGBOUNTY%22%3E Details: Description| Value ---|--- Patched:| Yes, at 26.11.2017 Latest check for patch:| 26.11.201...
bitcoinaliens.com XSS vulnerability
Vulnerable URL: http://www.bitcoinaliens.com/faucet/vendor/phenx/php-font-lib/www/makesubset.php?fontfile=../fonts/indml1001.ttf=%3Csvg/onload=alert/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 09:42 GMT Vulnerability type:| XSS...
parentzone.org.uk XSS vulnerability
Vulnerable URL: http://parentzone.org.uk/sites/all/libraries/dompdf/lib/php-font-lib/www/makesubset.php?fontfile=../fonts/indta1001.ttf=%3Csvg/onload=alert/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 09:42 GMT Vulnerability...
DEBIAN-CVE-2014-2570
Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...
UBUNTU-CVE-2014-2570
Cross-site scripting XSS vulnerability in www/makesubset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2014-2570
CVE-2014-2570 is an XSS in PHP Font Lib prior to 0.3.1. The vulnerability affects www/make_subset.php and allows remote injection of script/HTML via the name parameter. The affected library/version is PHP Font Lib before 0.3.1; a fix is available in the 0.3.1 release (e.g., commit d13682b7e27d14a...
CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting
========================================================== php-font-lib - Subset maker makesubset.php Reflected Cross-site Scripting Revision 1.0 ========================================================== Author: Daniel C. Marques @0xc0da Release date: 2014-03-23 Reference:...
php-font-lib 'name'参数跨站脚本漏洞
Bugtraq ID:66380 CVE ID:CVE-2014-2570 php-font-lib是一款读取,解析,导出不同字体类型文件的PHP库。 通过"name" GET参数传递给www/makesubset.php的输入在返回用户之前缺少过滤,允许远程攻击者利用漏洞构建恶意URI,诱使用户解析,可获取敏感信息或劫持用户会话。 0 php-font-lib 0.x php-font-lib 0.3.1已经修复该漏洞,建议用户下载更新: https://github.com/PhenX/php-font-lib...