7656 matches found
Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting
Exploit Title: Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting Date: 2020-09-19 Exploit Author: Alperen Ergel Vendor Homepage: https://www.flatpress.org/ Software Link: https://github.com/evacchi/flatpress/releases/tag/v1.0.3 Version: 1.0.3 Tested on: windows 10 / xampp CVE :...
openSUSE Security Update : fossil (openSUSE-2020-1478)
This update for fossil fixes the following issues : - fossil 2.12.1 : - CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code boo1175760 - Security fix in the 'fossil git export' command. New 'safety-net' features were added to...
Security update for fossil (important)
openSUSE Security Update: Security update for fossil Announcement ID: openSUSE-SU-2020:1478-1 Rating: important References: 1047218 1175760 Cross-References: CVE-2020-24614 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 An upda...
CVE-2020-24924
ElkarBackup v1.3.3 contains a persistent cross-site scripting vulnerability that can allow an attacker to steal a user session cookie. The issue is located in the Policies → action → Name parameter. Multiple connected sources (Red Hat, CNVD, NVD, CVE lists) corroborate the vulnerability as a cros...
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
Exploit Title: RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF_0290_2.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...
Cross-site Scripting (XSS) - Stored in arachnys/cabot
Description Executed Persistent stored XSS in cabot check settings, as well as the address field. As per CVEs present Stored XSS is a High Severity bug. Proof of Concept 1. setup cabot to reproduce the vulnerability 2. create an account now login to the account 3. Go to checks Create and navigate...
CVE-2020-24963
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4...
Cross site scripting
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4...
CVE-2020-24963
Summary: CVE-2020-24963 affects the Best Support System, v3.0.4. The vulnerability is an authenticated persistent XSS in the application, demonstrated via the ticketing workflow, specifically the ticket_body input in the ticket-confirm/ticket-reply/11.html path. The evidence from connected source...
Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting Date: 2020-09-01 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://savsoftquiz.com/ Software Link: https://savsoftquiz.com/web/demo.php Version: 5.0 Tested on: Windows 10/Kali Linux Contact:...
Cross-site Scripting (XSS) - Stored in monicahq/monica
Description HTML codes can be entered and successfully run in the journal session of Monica, which allows an attacker to trigger XSS queries like causing a persistent stored XSS in the journal session. files at monica/2. Fix Suggestion Sanitize the input / escape the xss characters or else escape...
moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...
SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting
Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2020-08-28 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.getsymphony.com/ Software Link: https://www.getsymphony.com/ Version: 3.0.0 Tested on: Windows CVE : N/A...
CVE-2020-23984
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags...
Cross site scripting
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags...
CVE-2020-23984
CVE-2020-23984 affects Online Hotel Booking System Pro PHP Version 1.3, with a persistent cross-site scripting flaw in the Customer registration-form all-tags. The Red Hat/CNVD/NVD entries corroborate a client-side script execution vulnerability in the registration form. No explicit remediation o...
CVE-2020-23974
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed, Messagetitle-tag, Add new client all-tags...
Cross site scripting
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed, Messagetitle-tag, Add new client all-tags...
APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab...