4 matches found
Lumidek Associates Simple Food Website Cross-Site Request Forgery Vulnerability
Lumidek Associates Simple Food Website is a simple food website CMS. Version 1.0 of Lumidek Associates Simple Food Website is vulnerable to cross-site request forgery because the web application does not adequately validate that a request comes from a trusted user. An attacker could...
CVE-2017-8899
CVE-2017-8899 affects Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier. The issue is a composite of Stored XSS and Information Disclosure in the attachments feature within User CP. The primary cause is the ability to upload an SVG document with a crafted attribute such as onload...
OLX: stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked
Hello, OLX.PL is vulnerable to a stored XSS attack. When adding a new advertisement, it is possible to put a payload in its title; here I used Titlealert1. I see ads are being pre-moderated; however, it can remain uncaught. Also, the length limit in the title field is enough to insert into it e.g. a BeEF...
vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection
input->clean_array_gpc('p', array('postids' => TYPE_STR, )); $postids = explode(',',...