EUVD-2023-1063
Malicious code in bioql PyPI...
CVE-2017-20182
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to...
GHSA-P4G9-C9QR-WMG5 Cross-site Scripting in django-ajax-utilities
A vulnerability was found in Mobile Vikings Django AJAX Utilities and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site...
Cross-site Scripting in django-ajax-utilities
A vulnerability was found in Mobile Vikings Django AJAX Utilities and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site...
Cross site scripting
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to...
CVE-2017-20182 Mobile Vikings Django AJAX Utilities Backslash pagination.js Pagination cross site scripting
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to...
CVE-2017-20182
The CVE-2017-20182 entry concerns Mobile Vikings Django AJAX Utilities (up to 1.2.1). The vulnerability resides in the Pagination function of django_ajax/static/ajax-utilities/js/pagination.js within the Backslash Handler, where manipulating the url parameter enables cross-site scripting. The iss...
Mobile Vikings: XSS Vulnerability on all pages
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Load this URL: https://vikingco.com/en/home/ttttttalert0 Notice the alert0 box. This is caused by allowing for the user to inject alert0 which will simply close the current script tag and then create a new one with alert0 in it alert0. If you need any...
Mobile Vikings: Approve topup method by sender of this method
User A has a sim and sends an auth request to user B. User B accepted it and decided to add their own topup method to the shared sim. User B goes to https://mobilevikings.be/en/account/easypay/auto-sms-topup/ - selects the shared sim card, selects a method in the section "Choose a payment method" and submits the form. User A g...
Mobile Vikings: Enum phone numbers thru /en/sims/topup/add/
Using request: POST /en/sims/topup/add/? HTTP/1.1 Host: mobilevikings.be User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:35.0 Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3...
Mobile Vikings: Username and sim id enum
Look at this url GET request https://mobilevikings.be/en/sims/authorization/remove/admin/1036358/ - looks good - admin user detected https://mobilevikings.be/en/sims/authorization/remove/lloyd/1036358/ - looks good - lloyd user detected...
Mobile Vikings: CSRF token from another valid user session accepted
While testing the website I have found an interesting issue. For example request to remove sim auth: POST /en/sims/authorization/remove/admin/1036359/ HTTP/1.1 Host: mobilevikings.be User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:35.0 Gecko/20100101 Firefox/35.0 Accept: / Accept-Language:...
Mobile Vikings: Stored xss in user name (2) affected another user.
Again we have two users: A - attacker, B - victim. User A (attacker) has name - namealert1 and adds auth to user B (victim). User B receives a letter and gets a reminder about a new request on the website, and opens it: https://mobilevikings.com/account/requests/ And probably presses "Accept" and gets the xss fired. x:confi...
Mobile Vikings: Stored xss in user name
In the previous report I showed xss in the user name through a cookie; there is another place where this name is shown and fires xss. After sending an auth request, open https://mobilevikings.be/en/account/authorization/overview/ in the account that sent the request and press "Remove authorization" and got another way to fire xss...
Mobile Vikings: Reflected xss in user name thru cookie
Imagine that we have user A with name - namealert1 and user B. User B requests a sim card and then adds authorization to user A; of course this is not the common way to exploit. As a result we have xss through the user name in a flash message through a cookie. And! We got a properly signed cookie with xss payload...
Mobile Vikings: Number, username and name disclosure
When a user requests a new card he can input some viking's number as a referrer, and in the order review page he can see the viking's username. When he adds authorization to his own sim, he can use not only email but username, and as a result he can get the full viking's name in the auth list. See attach...
Mobile Vikings: Stored XSS in Direct debit name
1. Make a new or edit an old Direct debit, for example https://mobilevikings.be/en/account/easypay/correct-direct-debit-mandate/111366/ 2. Fill owner's name with payload asdf'"alertdocument.cookie 3. Save form. We got Stored XSS in pages: https://mobilevikings.be/en/account/easypay/...