Pandora FMS Persistent Cross-Site Scripting (CVE-2020-13853)

A persistent cross site scripting vulnerability exists in Pandora FMS. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

Design/Logic Flaw

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...

Design/Logic Flaw

An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout...

InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership

The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat APT group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations ...

NetEase(163,126) Mail Persistent XSS Vulnerability

This ia a 0day XSS vulnerability. The vulnerability for Netease email163,126 that works on all operating systems and browsers. Android and iPhone sometimes don't work You can easily obtain the users session and password with this XSS. Also, QQ-XSS vulnerability will be uploaded soon. Thank you...

A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Labs, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could...

CVE-2020-13853

Artica Pandora FMS 7.44 has persistent XSS in the Messages feature...

CVE-2020-13853

Pandora FMS 7.44 is affected by CVE-2020-13853, a persistent Cross-Site Scripting (XSS) vulnerability in the Messages feature. The CoreLabs advisory details that an attacker can inject arbitrary JavaScript into messages, which is executed in the recipient’s browser and can facilitate session cook...

CVE-2020-13853

Artica Pandora FMS 7.44 has persistent XSS in the Messages feature...

NeonLMS Learning Management System PHP Laravel Script 4.6 XSS Vulnerability

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: NeonLMS - Learning Management System PHP Laravel Script - 'Messages' Persistent Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage:...

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

With the U.S. presidential election months away, advanced persistent threat APT groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. On Thursday, Shane Huntley with Google’s Threat Analysis Group said on Twitter that two separate phishing...

Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...

Online Marriage Registration System 1.0 Cross Site Scripting

Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-26 Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...

osTicket 1.14.1 - (Ticket Queue) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link:...

LimeSurvey 4.1.11 Cross Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting Date: 05/26/2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 Patch Link:...

osTicket 1.14.1 Cross Site Scripting

Exploit Title: osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting Date: 2020-05-26 Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link: https://github.com/osTicket/osTicket/commit/6c724ea3fe352d10d457d334dc054ef81917fde1 Version: osTicket 1.14.1 Tested o...

osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting

Exploit Title: osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting Date: 2020-06-26 Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link: https://github.com/osTicket/osTicket/commit/d54cca0b265128f119b6c398575175cb10cf1754 Version: osTicket 1.14.1 Tested o...

osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting

Exploit Title: osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting Date: 2020-05-26 Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link: https://github.com/osTicket/osTicket/commit/6c724ea3fe352d10d457d334dc054ef81917fde1 Version: osTicket 1.14.1 Tested o...

Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting

Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-26 Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...

Victor CMS 1.0 - (add_user) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'adduser' Persistent Cross-Site Scripting Exploit Author: Nitya Nand Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1....