CVE-2024-5554

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclickevent’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and outp...

CVE-2024-5554

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclickevent’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and outp...

ownCloud: apps.owncloud.com: XSS via referrer

Look at next request: Host: apps.owncloud.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:40.0 Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer:...

XSS bug in wiki markup link rendering

The following wikimarkup creates links with an onclick event. noformat test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' test link|mailto:[email protected]" onclick="alert'hi. I am a fun onclick event' noformat This is due to the following code in...

[Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).

New 19.10.05 MS-IE Url Spoofing bug by K-Gen. Gr337s .. I K-Gen have found a new I think.. URL spoofing bug in IE. Affected : All MS-IE Browsers Win XP SP2 as well. This allows a malicious website to host a specially crafted A HREF tag that shows to the user as a link to one location, but actuall...