357 matches found
CVE-2017-12126
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability...
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross Site Request Forgery- Frog CMS Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE :...
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
Frog CMS 0.9.5 - Cross-Site Request Forgery Add User Exploit Title: Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Versio...
Node.js third-party modules: [glance] Stored XSS via file name allows to run arbitrary JavaScript when directory listing is displayed in browser
Hi Guys, there is a stored XSS vulnerability in the glance module. A file name which contains malicious HTML (e.g. an embedded iframe element or a javascript: pseudoprotocol handler in element) allows executing JavaScript code against any user who opens a directory listing containing such a crafted file name. Modu...
Node.js third-party modules: [anywhere] An iframe element with url to malicious HTML file (with eg. JavaScript malware) can be used as filename and served via anywhere
Hi Guys, anywhere allows embedding HTML in file names, which in certain conditions might lead to execution of malicious JavaScript. Module: Running static file server anywhere. https://www.npmjs.com/package/anywhere Description To embed malicious tag with JavaScript code to execute, / character is...
Google Chrome omnibox content spoofing vulnerability
Google Chrome for Mac is a Mac-based web browser developed by Google, Inc. interstitials is one of the advertising plug-ins. A security vulnerability exists in interstitials in Google Chrome for Mac. A remote attacker can exploit this vulnerability to forge omnibox content with the help of...
IBM OpenPages GRC Platform HTML Injection Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges from IBM in the United States. The platform provides a set of core services and functional components across the risk and compliance domains, including...
PT-2017-4165 · Microsoft · Office 365 +1
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions 2010 SP2 through 2016 Microsoft Office 365 affected versions not specified Description: The issue is related to the improper handling of objects in memory by Microsoft Outlook, allowing an attacker to execute...
Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2017-15521)
Elasticsearch Kibana is a suite of open source, browser-based tools for analyzing and searching Elasticsearch dashboards. A cross-site scripting vulnerability exists in Elasticsearch Kibana, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which...
Input validation
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756...
CVE-2016-6037
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...
morty - Privacy aware web content sanitizer proxy as a service
Web content sanitizer proxy as a service. Morty rewrites web pages to exclude malicious HTML tags and attributes. It also replaces external resource references to prevent third party information leaks. The main goal of morty is to provide a result proxy for searx, but it can be used as a...
CVE-2016-9696
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference: 1999960...
Suspicious Metadata Mail Phishing Redirection
A mail attachment containing a malicious HTML file was observed as part of recent campaigns. A remote attacker could send spam e-mails that include such HTML files and redirect users to manually download malicious files...
CVE-2016-5897
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Design/Logic Flaw
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
IBM Connections File Upload Vulnerability
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A file upload...
Basit 1.0 Submit Module Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7139/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit th...