MyBB Threads To Link 1.3 Cross Site Scripting

Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Date: 3/15/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu 17.10 1. Description: When editing a...

UK Cookie Consent - Persistent Cross-Site Scripting

UK Cookie Consent - Persistent Cross-Site Scripting Exploit Title: UK Cookie Consent v2.3.9 - Persistent Cross-Site Scripting Date: 2018-04-22 Exploit Author: B0UG Vendor Homepage: https://catapultthemes.com/ Software Link: https://en-gb.wordpress.org/plugins/uk-cookie-consent/description Version...

WordPress UK Cookie Consent 2.3.9 Cross Site Scripting

Exploit Title: UK Cookie Consent v2.3.9 - Persistent Cross-Site Scripting Date: 2018-04-22 Exploit Author: B0UG Vendor Homepage: https://catapultthemes.com/ Software Link: https://en-gb.wordpress.org/plugins/uk-cookie-consent/description Version: Tested on version 2.3.9 older versions may also be...

PT-2018-9820 · Wuzhi · Wuzhi Cms

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: The issue allows for persistent XSS via the form%5Bqq 10%5D parameter to the "/index.php?m=member&f=index&v=profile&set iframe=1" URI. This enables potential attackers to inject malicious scripts into the...

WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...

Monstra cms 3.0.4 - Persitent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: php 5.6,...

TYPO3 Persistent XSS Vulnerability (Apr 2018) - Linux

TYPO3 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

Cross site scripting

An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tagtag parameter to the index.php?m=tags&f=index&v=add&&su=wuzhicms URI. After a website editor whose privilege is lower than the administrator logs in, he can add...

CVE-2018-10221

An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tagtag parameter to the index.php?m=tags&f=index&v=add&&su=wuzhicms URI. After a website editor whose privilege is lower than the administrator logs in, he can add...

CVE-2018-10221

An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tagtag parameter to the index.php?m=tags&f=index&v=add&&su=wuzhicms URI. After a website editor whose privilege is lower than the administrator logs in, he can add...

CVE-2018-10221

WUZHI CMS V4.1.0 contains a persistent XSS vulnerability in the tag[tag] parameter of index.php?m=tags&f=index&v=add&_su=wuzhicms. An authenticated user with lower privilege (e.g., site editor) can inject a payload to steal administrator cookies after logging in. Connected sources (CNVD-2018-0938...

CVE-2018-8831

A Persistent XSS vulnerability exists in Kodi formerly XBMC through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist...

Cross site scripting

A Persistent XSS vulnerability exists in Kodi formerly XBMC through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist...

UBUNTU-CVE-2018-8831

A Persistent XSS vulnerability exists in Kodi formerly XBMC through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist...

CVE-2018-8831

Kodi 17.6 and earlier web interface are vulnerable to a persistent XSS via playlists, allowing arbitrary HTML/script execution in the victim’s browser. Affected: Kodi/XBMC playlist handling in the web interface. Root cause: Persistent XSS in playlist processing. Impact: arbitrary script execution...

CVE-2018-8831

A Persistent XSS vulnerability exists in Kodi formerly XBMC through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist...

Kodi 17.6 Cross Site Scripting

============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831 ============================================= I. VULNERABILITY...

Kodi 17.6 - Persistent Cross-Site Scripting

============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831 ============================================= I. VULNERABILITY...

D-Link DIR-615 Cross Site Scripting

Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting XSS Date: 14.04.2018 Exploit Author: Sayan Chatterjee Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=678 Category: Hardware Wi-fi Router Hardware Version: T1 Firmware...

D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting

D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting XSS Date: 14.04.2018 Exploit Author: Sayan Chatterjee Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=678...