22 matches found
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the ajax function in pagination.js because the URL sanitization regex pattern does not take into account backward slashes (\) that modern browsers treat as forward slashes (/), which allows an attacker to...
Json-Ptr type obfuscation vulnerability
Json-Ptr is a full implementation of JSON Pointer (RFC 6901) for Node.js and modern browsers. A security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...
json-ptr security vulnerability
Json-Ptr is a full implementation of JSON Pointer (RFC 6901) for Node.js and modern browsers. A security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...
CVE-2021-39221
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due t...
Cross site scripting
Nextcloud Circles is an open source social network built for the Nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...
Code Injection in flitbit/json-ptr
Description: json-ptr is a complete implementation of JSON Pointer (RFC 6901) for Node.js and modern browsers. JsonPointer.get, which is designed to get the target object's value at the pointer's location, is vulnerable to arbitrary code injection and execution, mainly due to the lack of sanitizing for...
Netmap.Js - Fast Browser-Based Network Discovery Module
Fast browser-based network discovery module. Description: netmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website visitors' networks. It's quite fast, making use of es6-promise-pool to efficiently run the maximum number of concurrent connections...
Exploiting Spectre Over the Internet
Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we're sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome...
Cross site scripting
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode...
Acronis: Reflected XSS via "Error" parameter on https://admin.acronis.com/admin/su/
Summary: Hello, it is possible to inject arbitrary HTML constructions on the page /admin/su/. The problem is in the insufficient escaping of special characters like for the Error parameter. If this parameter contains a specially crafted vector, the application will return the page that will...
Missing 'X-XSS-Protection' Header
The HTTP 'X-XSS-Protection' response header is a feature of old browsers that allows websites to control their XSS auditors. The server is not configured to return a 'X-XSS-Protection' header which means that any pages on this website could be at risk of a Cross-Site Scripting (XSS) attack. This...
GitLab: Stored XSS in merge request pages
Summary: I found a Stored XSS in merge request pages. Description: The exploit is via the parameter mergerequestsourcebranch of the request to create a New Merge Request. Steps To Reproduce: 1. Sign in to GitLab. 2. Click the "+" icon. 3. Click "New Project". 4. Fill out "Project name" form with...
U.S. Dept Of Defense: █████ - DOM-based XSS
Greetings, I've discovered a DOM-based XSS at ██████ Proof of concept: 1. Go to https://███/█████/home/troubleshoot.html?lang=en&returnUrl=https://█████/███████/home/signin.html?returnUrl=https%3A//████/██████████/home/user.html 2. In the username field, add the following code:...
Display Suite - Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019
Display Suite allows you to take full control over how your content is displayed using a drag and drop interface. The module doesn't sufficiently validate view modes provided dynamically via URLs leading to a reflected cross site scripting (XSS) attack. This vulnerability is mitigated only by the...
WebSummit: Reflected xss on websummit.net
Hey guys, TL;DR: Reflected XSS on websummit.net/attendees/featured-attendees as the q parameter is directly reflecting special characters in the data-url on the handlebars template section of the page, as opposed to URL encoding them. Proof of Concept: Visit...
New Relic: Cache-Control Misconfiguration Leads to Sensitive Information Leakage
Hi, This is an issue related to cache and information disclosure. Generally, when a user is logged out, the session gets terminated and no data of the previous session is accessible. But when cache control is not configured correctly, sensitive data leaks over the browser even after the user has logge...
Siemens Ruggedcom Addresses BEAST Flaw in WiMax Products
The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigation...
Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass PDF: http://www.security-assessment.com/files/advisories/OracleJREjavaneturlconnectionSOPBypass.pdf CVE...
SMA-DB 0.3.13 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. SMA-DB 0.3.13 Multiple Remote File Inclusion Vulnerabilities bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - download: http://bluevirus.ch/media/downloads/SMA-DBv0.3.13.zip - about SMA-DB:...
SMA-DB 0.3.13 Remote File Inclusion
SMA-DB 0.3.13 Multiple Remote File Inclusion Vulnerabilities bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - download: http://bluevirus.ch/media/downloads/SMA-DBv0.3.13.zip - about SMA-DB: Written in PHP4: SMA-DB is a Databa...