D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting XSS Exploit Author: Sayan Chatterjee Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=678 Category: Hardware Wi-fi...

Cross-site Scripting (XSS)

public is vulnerable to persistent cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of filenames, allowing arbitrary script to be stored in them and subsequently executed when served...

LimeSurvey 2.72.3 - Persistent XSS to Code Execution

See RIPS Scan Report Unauthenticated Persistent Cross-Site Scripting LimeSurvey 2.72.3 is prone to a persistent cross-site scripting vulnerability which is exploitable through the unauthenticated perspective. When submitting a public survey, the Continue Later feature allows users to save their...

FreeBSD : Gitlab -- multiple vulnerabilities (085a087b-3897-11e8-ac53-d8cb8abf62dd)

GitLab reports : Confidential issue comments in Slack, Mattermost, and webhook integrations. Persistent XSS in milestones data-milestone-id. Persistent XSS in filename of merge request. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

MyBB Recent Threads On Index 17.0 Cross Site Scripting

Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyBB forum. 2. Proof of concept:...

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

MyBB Plugin Recent Threads On Index - Cross-Site Scripting Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads i...

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyBB forum. 2. Proof of concept:...

MyBB Downloads 2.0.3 Cross Site Scripting

Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Date: 3/28/18 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on: Ubuntu 17.10 1. Description: It is a plugin which add...

MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting

MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Date: 3/28/18 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on:...

MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting

Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Date: 3/28/18 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on: Ubuntu 17.10 1. Description: It is a plugin which add...

Sandoba CP:Shop CMS 2016.1 Cross Site Scripting

Document Title: =============== Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2122 Release Date: ============= 2018-03-02 Vulnerability Laboratory ID VL-ID:...

AEF CMS 1.0.9 Cross Site Scripting

Document Title: =============== AEF CMS v1.0.9 - PM Persistent Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2123 Release Date: ============= 2018-02-18 Vulnerability Laboratory ID VL-ID:...

CVE-2015-9257

BMC Remedy Action Request AR System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS...

CVE-2015-9257

CVE-2015-9257 affects BMC Remedy Action Request (AR) System 9.0 prior to 9.0.00 Service Pack 2 hot fix 1. A persistent XSS vulnerability exists in Remedy AR System; impact is web UI based. To remediate, apply 9.0.00 SP2 hot fix 1 (or equivalent patched release) per linked disclosures. No exploita...

MyBB Last User's Threads In Profile 1.2 Cross Site Scripting

Exploit Title: MyBB Last User's Threads in Profile Plugin v1.2 - Persistent XSS Date: 3/19/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=910 Version: v1.2 Tested on: Ubuntu 17.10 1. Description:...

MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting

Exploit Title: MyBB Last User's Threads in Profile Plugin v1.2 - Persistent XSS Date: 3/19/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=910 Version: v1.2 Tested on: Ubuntu 17.10 1. Description:...

Cross site scripting

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting...

CVE-2017-0917

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting...

CVE-2017-0917

CVE-2017-0917: GitLab Community Edition v10.2.4 vulnerability in the CI job component due to lack of input validation, causing persistent cross-site scripting. Confirmed details across multiple sources indicate a remote attacker could inject arbitrary script via CI job output, leading to potentia...

CVE-2017-0924

CVE-2017-0924 affects GitLab Community Edition 10.2.4, with a lack of input validation in the labels component that enables persistent cross-site scripting (XSS). Multiple sources (NVD entry for CVE-2017-0924, OpenVAS NASL, CNVD entry) corroborate that the vulnerability is tied to the labels comp...