Stock Management System 1.0 Cross Site Scripting
Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting Brand Name Exploit Author: Adeeb Shah @hyd3sec Date: August 2, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0...
JobCareer < 3.5 - Multiple Cross-Site Scripting (XSS)
Unauthenticated Reflected and Authenticated Persistent XSS vulnerabilities were discovered in the JobCareer theme through 3.4 for WordPress. Unauthenticated Reflected XSS - Vulnerable parameters: jobtitle, specialisms, location Authenticated Persistent XSS on Employer Profile - «Complete Address...
WordPress Maintenance Mode By SeedProd 5.1.1 Cross Site Scripting
Exploit Title: Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting Date: 2020-06-22 Vendor Homepage: https://www.seedprod.com/ Vendor Changelog: https://wordpress.org/plugins/coming-soon/developers Exploit Author: Jinson Varghese Behanan @JinsonCyberSec Author...
CVE-2020-13971
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...
Design/Logic Flaw
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...
CVE-2020-13971
Shopware CVE-2020-13971 affects Shopware before 6.2.3. Authenticated users can use the Mediabrowser fileupload to upload SVG images containing JavaScript, causing Persistent XSS. An uploaded image can be accessed without authentication, enabling the attack to be carried out by non-privileged user...
SUSE-SU-2020:2053-1 Security update for rubygem-excon
This update for rubygem-excon fixes the following issues: - CVE-2019-16779: Fixed an information leak in the socket handling for persistent connections bsc1159342...
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 La...
Cross site scripting
Insufficient output sanitization in Teltonika firmware TRB2R00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section...
CVE-2020-5769
Teltonika TRB2 firmware TRB2_R_00.02.02 contains insufficient output sanitization in the WEB application, enabling a remote, authenticated attacker to perform persistent cross-site scripting by injecting malicious client-side code into the DATA TO SERVER fields (URL/Host/Connection). Affected: Te...
Findus - Directory Listing < 1.1.15 - Authenticated Persistent XSS
An Authenticated Persistent XSS vulnerability was discovered in the «Findus - Directory Listing WordPress Theme», tested version — v1.1.14. PoC Injected payload will trigger in the admin dashboard, in the «My listings» page and on listing page itself. POST /submit-listing/ HTTP/1.1 Host: example.com...
Findus - Directory Listing < 1.1.15 - Authenticated Persistent XSS
An Authenticated Persistent XSS vulnerability was discovered in the «Findus - Directory Listing WordPress Theme», tested version — v1.1.14. Injected payload will trigger in the admin dashboard, in the «My listings» page and on listing page itself. POST /submit-listing/ HTTP/1.1 Host: example.com...
How bad bots are targeting the healthcare sector
Credential cracking, or password spraying, is one of the most effective ways for cybercriminals to get access to user accounts. It refers to the brute-force automated cracking, or pairing of usernames and passwords by using sophisticated high-speed bots. According to a National Cyber Awareness...
Savsoft Quiz 5 Cross Site Scripting
Exploit Title: Savsoft Quiz V5 - Persistent Cross-Site Scripting Date: 2020-07-09 Exploit Author: th3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux ---Vulnerable Source Code---- function insertuser2...
Savsoft Quiz 5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Exploit Author: Ogulcan Unveren (th3d1gger) Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux...
Wordpress Powie WHOIS Domain Check 0.9.31 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting Vendor Homepage: https://powie.de Vendor Changelog: https://wordpress.org/plugins/powies-whois/developers Software Link:...
Savsoft Quiz 5 - Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Date: 2020-07-09 Exploit Author: Ogulcan Unveren (th3d1gger) Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux ---Vulnerable Source Code---- functio...
CVE-2020-15536
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields...