7648 matches found
PT-2018-15154 · Xslt · Xslt Cms
Name of the Vulnerable Software and Affected Versions: XSLT CMS affected versions not specified Description: A persistent XSS issue exists in XSLT CMS, allowing exploitation via the "body" field in the create/?action=items.edit&type=Page endpoint. Recommendations: At the moment, there is no...
US Indicts Two Chinese Government Hackers Over Global Hacking Campaign
The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Huaknown online as Afwar, CVNX, Alayos and Godkiller and Zhang Shilong known online a...
NetChat v7.8 - Persistent Cross Site Scripting Vulnerability
Document Title: =============== NetChat v7.8 - Persistent Cross Site Scripting Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2174 Watch Video: https://www.youtube.com/watch?v=2u-DHd5zlQw Advisory: https://www.vulnerability-lab.com/getcontent.php?id=2171...
Windows Persistent Service Installer Exploit
This Module will generate and upload an executable to a remote host and then makes it a persistent service. It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required. This module requires Metasploit:...
NetChat v7.8 - Persistent Cross Site Scripting Vulnerability
Document Title: =============== NetChat v7.8 - Persistent Cross Site Scripting Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2174 Watch Video: https://www.youtube.com/watch?v=2u-DHd5zlQw Advisory: https://www.vulnerability-lab.com/getcontent.php?id=2171...
NetChat v7.8 - Persistent Cross Site Scripting Vulnerability
Document Title: =============== NetChat v7.8 - Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2171 Video: https://www.vulnerability-lab.com/getcontent.php?id=2174...
Semrush: Persistent CSV injection
Hi Team, https://www.semrush.com/notes is vulnerable to persistent csv injection stored csv injection POC: 1 Login into application and open https://www.semrush.com/notes 2 click on "Add note" button 3 And enter csv injection payloads like =4+4, =HYPERLINK"http://evil.com", "EVIL" and click on sa...
CVE-2018-19922
Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...
CVE-2018-19922
The CVE-2018-19922 entry describes a Persistent Cross-Site Scripting (XSS) in the Actiontec C1000A router: the advancedsetup_websiteblocking.html Website Blocking page is vulnerable due to improper handling of the TodUrlAdd parameter in a /urlfilter.cmd POST request. This allows a remote attacker...
CVE-2018-19919
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...
CVE-2018-19919
Pixelimity 1.0 is affected by CVE-2018-19919: a persistent XSS flaw in the admin/portfolio.php data[title] parameter, demonstrated by a crafted onload attribute in an SVG element. This indicates that enabling arbitrary HTML/JS injection could occur through the title field when rendering the admin...
Design/Logic Flaw
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...
CVE-2018-19919
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...
Critical: Red Hat Security Advisory: OpenShift Container Platform 3.5 security update
An update is now available for Red Hat OpenShift Container Platform release 3.5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
Apache Superset 0.23 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Exploit Title: Apache Superset 0.23 - Remote Code Execution Exploit Author: David May email protected Vendor Homepage: https://superset.apache.org/ Software Link: https://github.com/apache/incubator-superset Version: Any before 0.23 Tested o...
FreeBSD : Gitlab -- Multiple vulnerabilities (8a4aba2d-f33e-11e8-9416-001b217b3468)
Gitlab reports : View Names of Private Groups Persistent XSS in Environments SSRF in Prometheus integration Unauthorized Promotion of Milestones Exposure of Confidential Issue Title Persisent XSS in Markdown Fields via Mermaid Script Persistent XSS in Markdown Fields via Unrecognized HTML Tags...
Gitlab -- Multiple vulnerabilities
Gitlab reports: View Names of Private Groups Persistent XSS in Environments SSRF in Prometheus integration Unauthorized Promotion of Milestones Exposure of Confidential Issue Title Persisent XSS in Markdown Fields via Mermaid Script Persistent XSS in Markdown Fields via Unrecognized HTML Tags...
CVE-2018-17256
Persistent cross-site scripting XSS vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content Blog, Content Page, etc.. The vulnerability is exploited when updating or removing public access of a content...
CVE-2018-17256
Persistent cross-site scripting XSS vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content Blog, Content Page, etc.. The vulnerability is exploited when updating or removing public access of a content...
Cross site scripting
Persistent cross-site scripting XSS vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content Blog, Content Page, etc.. The vulnerability is exploited when updating or removing public access of a content...