7 matches found
Cross-site Scripting (XSS)
tinymighty/wiki-seo is vulnerable to Cross-Site Scripting XSS. The vulnerability exist in the Meta Property Tag Handler parameter of WikiSEO.body.php due to the lack of validation in the html elements when adding a user which allows an attacker to inject and execute malicious JavaScript...
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function
A vulnerability was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...
GHSA-84MM-PRJG-49XM tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function
A vulnerability was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...
CVE-2015-10073 tinymighty WikiSEO Meta Property Tag WikiSEO.body.php modifyHTML cross site scripting
A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is...
PT-2023-10252 · Unknown · Tinymighty Wikiseo
Name of the Vulnerable Software and Affected Versions: tinymighty WikiSEO version 1.2.1 Description: A vulnerability was found in tinymighty WikiSEO, affecting the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content...
BugPoC: LFI to steal /etc/passwd - Bypass filter in the <meta property="og:image"> tag via redirect and much more
Hey Team, Good &simple challenge. Wasn't able to find time to attempt this initially but was able to go about it today. The explanation of the bug with the POC is hosted on bugpoc.com Here is the id & password as requested - BugPoC ID : bp-wHwB2qAF - Password : dARKlYbAnana89 POC Screenshot using...
InVision: Javascript Injection
In this webapge: █████████, the URL that is being loaded is listed as a meta property: html The problem is that when additional text is appended to the end of the URL, like this html , it is displayed as part of the HTML. By adding a quotation mark and closing the metaproperty tag like so: html "...