31 matches found
autoviva.sapo.pt XSS vulnerability
Open Bug Bounty ID: OBB-673256

Description| Value
---|---
Affected Website:| autoviva.sapo.pt
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

array.gr XSS vulnerability
Open Bug Bounty ID: OBB-671208

Description| Value
---|---
Affected Website:| array.gr
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

sindimoveis.org.br XSS vulnerability
Open Bug Bounty ID: OBB-586974

Description| Value
---|---
Affected Website:| sindimoveis.org.br
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

tecnedit.it XSS vulnerability
Open Bug Bounty ID: OBB-580084

Description| Value
---|---
Affected Website:| tecnedit.it
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

kitchen-aid.de XSS vulnerability
Open Bug Bounty ID: OBB-561396

Description| Value
---|---
Affected Website:| kitchen-aid.de
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

parcocorolla.it XSS vulnerability
Open Bug Bounty ID: OBB-553398

Description| Value
---|---
Affected Website:| parcocorolla.it
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

timothys.ca XSS vulnerability
Open Bug Bounty ID: OBB-385282

Description| Value
---|---
Affected Website:| timothys.ca
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

emperordivers.com XSS vulnerability
Vulnerable URL: https://www.emperordivers.com/newsletter.php

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 18.01.2018
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1447199
VIP website status:| No

Coordinated Disclosure Timeline:...
denbraven.pl XSS vulnerability
Vulnerable URL: https://denbraven.pl/newsletter.php

Details:

Description| Value
---|---
Patched:| Verification in progress
Latest check for patch:| 19.11.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1732438
VIP website status:| No

Check denbraven.pl SSL...
laboutiquelavie.fr XSS vulnerability
Vulnerable URL: http://www.laboutiquelavie.fr/newsletter.php

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 13.11.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 2953673
VIP website status:| No

Check laboutiquelavie.fr SSL connection:...
missioitalia.it XSS vulnerability
Open Bug Bounty ID: OBB-256475

Description| Value
---|---
Affected Website:| missioitalia.it
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

profil.lindependant.fr XSS vulnerability
Vulnerable URL: http://profil.lindependant.fr/remote/bloc-newsletter.php?jsonCallback=prompt/OPENBUGBOUNTY/...
tnsj.pt XSS vulnerability
Vulnerable URL: http://www.tnsj.pt/home/index-newsletter.php?intNewsletterID=47"/

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 26.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 2675746
Google Pagerank| 6
VIP website status:| No...

tiphys.com XSS vulnerability
Vulnerable URL: http://www.tiphys.com/newsletter.php?email=%27%22%3E%3E%3C/title%3E%27%22%3ESCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28/XSSPOSED/%29%3C/SCRIPT%3E

Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 22:58 GMT
Vulnerability type:| XSS...

MallMold 2.5 app/action/newsletterAction.php SQL injection vulnerability
/app/action/newsletterAction.php

public function statistics() {
    //create a image
    header('Content-type:image/gif');
    echo base64_decode('R0lGODlhAQABAIAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
    $sn = trim($_GET['sn']);
    $email = trim($_GET['ue']);
    $this->model('newsletter')->statistics($sn, $email);...
CVE-2014-8307
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu with path" section or (2) printthispage variable in the footercontentbloc...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu with path" section or (2) printthispage variable in the footercontentbloc...
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities
Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive. Discovered by Pedro Ribeiro of Agile Information Security. Disclosure: 14/04/2014 / Last updated: 12/10/2014...
wanewsletter <= 2.1.3 - Remote File Inclusion Vulnerability
No description provided by source. WAnewsletter-2.1.3 newsletter.php RFI Vul. Found By: Mogatil...
Design/Logic Flaw
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...