Cross site scripting

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a pag...

WordPress Responsive Cookie Consent 1.7 / 1.6 / 1.5 Cross Site Scripting

Exploit Title: Wordpress Responsive Cookie Consent 1.7 / 1.6 / 1.5 - Authenticated Persistent Cross-Site Scripting Date: 2018-04-20 Exploit Author: B0UG Vendor Homepage: http://www.jameskoussertari.co.uk/ Software Link: https://en-gb.wordpress.org/plugins/responsive-cookie-consent/ Version: Teste...

Wordpress Responsive Cookie Consent v1.5 / v1.6 / v1.7 - Authenticated Persistent Cross-Site Scripti

Exploit for php platform in category web applications Exploit Title: Wordpress Responsive Cookie Consent v1.5 / v1.6 / v1.7 - Authenticated Persistent Cross-Site Scripting Exploit Author: B0UG Vendor Homepage: http://www.jameskoussertari.co.uk/ Software Link:...

Gitlab -- multiple vulnerabilities

GitLab reports: Persistent XSS in Move Issue using project namespace Download Archive allowing unauthorized private repo access Mattermost Updates...

Wireless GUI Android Security Assessment: Hijacker

Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng , MDK3 and Reaver . It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with an...

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3...

October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting

October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1...

October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user...

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu 17.10 CVE: CVE-2018-10365 1. Description...

October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting

Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...

Frog CMS 0.9.5 - Persistent Cross-Site Scripting

Exploit Title: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings Date: 2018-04-23 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version: 0.9.5 Tested on: php 5.6...

October CMS User 1.4.5 Cross Site Scripting

Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...

Orangeworm Targeting Healthcare Industry since 2015 Now Exposed

Operating since 2015, a threat group dubbed Orangeworm has been newly attributed to hacking and infiltrating healthcare groups around the world. Companies specifically targeted include hospitals, healthcare providers, pharmaceuticals, IT services firms serving the healthcare industry, and more...

Cross site scripting

WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq10%5D parameter to the /index.php?m=member&f=index&v=profile&setiframe=1 URI...

CVE-2018-10311

A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the /index.php?m=tags&f=index&v=add URI...

CVE-2018-10311

A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the /index.php?m=tags&f=index&v=add URI...

CVE-2018-10313

WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq10%5D parameter to the /index.php?m=member&f=index&v=profile&setiframe=1 URI...

Cross site scripting

A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the /index.php?m=tags&f=index&v=add URI...

CVE-2018-10311

WUZHI CMS 4.1.0 is affected by a persistent XSS in the tag[pinyin] input when calling the API at /index.php?m=tags&f=index&v=add. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter. Multiple sources (including Exploit-DB and PT-Security)...

CVE-2018-10311

A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the /index.php?m=tags&f=index&v=add URI...