Laravel 5.4 Cross Site Scripting
Exploit Title: Laravel non-persistent XSS in validation of arrays Date: 06/03/2017 Exploit Author: MaHDyfo mahdyfofthe at signgmail.com Vendor Homepage: laravel.com Version: 5.4 In Laravel validation rules, assume that you set a rule to get an array input. $this-validate$request, 'lessons' =...
WordPress NewStatPress 1.2.4 Cross Site Scripting
Persistent Cross-Site Scripting in the WordPress NewStatPress plugin. Han Sahin, July 2016...
CVE-2017-6102
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2...
CVE-2017-6103
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1...
CVE-2017-6102
CVE-2017-6102 affects the WordPress plugin rockhoist-badges v1.2.2, with a persistent (stored) XSS flaw caused by insufficient input validation. Several connected sources describe this as an authenticated stored XSS vulnerability that could allow an attacker to execute scripts in a victim’s brows...
CVE-2017-6103
CVE-2017-6103 affects the WordPress AnyVar plugin (v0.1.1). Connected sources describe a stored/persistent XSS vulnerability in AnyVar that can lead to execution of arbitrary script in a user’s browser and, per CNVD, potentially access cookie-based credentials. Exploitation details are not provid...
Air Transfer Cross-Site Scripting Vulnerability
Air Transfer Pro is an application for transferring files from your computer to your cell phone over a wireless network. Air Transfer suffers from a cross-site scripting vulnerability that allows remote attackers to inject script code into client application requests with...
WordPress Plugin NewStatPress 1.2.4 - Persistent Cross-Site Scripting (XSS) vulnerability
WordPress Plugin NewStatPress 1.2.4 has a persistent Cross-Site Scripting (XSS) vulnerability, discovered at the Summer Of Pwnage event. Solution: update the plugin to the latest version, at least 1.2.5...
Palo Alto PAN-OS Cross-Site Scripting in the Management Web Interface
A persistent cross-site scripting XSS vulnerability exists in the management web interface. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Cross-Site Scripting in the Management Web Interface
A persistent cross-site scripting (XSS) vulnerability exists in the management web interface (ref. PAN-66838 / CVE-2017-5584). PAN-OS contains a post-authentication vulnerability that may allow for a persistent cross-site scripting (XSS) attack of the management web interface. Successful exploitation of...
Telekom Cloud SSO Cross Site Scripting
Document Title: Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2021 Incident ID: 20161205FKr02 Vulnerability Magazine:...
Elefant CMS 1.3.12-RC Cross Site Scripting
Security Advisory - Curesec Research Team. 1. Introduction. Affected Product: Elefant CMS 1.3.12-RC. Fixed in: 1.3.13. Fixed Version Link: https://github.com/jbroadway/elefant/releases/tag/elefant1313rc Vendor Website: https://www.elefantcms.com/ Vulnerability Type: XSS. Remote Exploitable: Yes...
WordPress Easy Table 1.6 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. MGC ALERT 2017-001 - Original release date: Feb 07, 2017 - Last revised: Feb 12, 2017 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...
Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities
Document Title: Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2021 Incident ID: 20161205FKr02 Vulnerability Magazine:...
WordPress XO Security plugin <=1.5.2 - Persistent Cross-Site Scripting (XSS) vulnerability
A persistent Cross-Site Scripting (XSS) vulnerability was found in version 1.5.2 of the WordPress XO Security plugin. The password is not sanitized in the failedlogin function. Solution: update the plugin...
MGASA-2017-0042 Updated openssl packages fix security vulnerability
There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation (CVE-2016-7055). If an...
Updated openssl packages fix security vulnerability
There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation (CVE-2016-7055). If an...
Brave Software: Brave payments remembers history even after clearing all browser data.
NOTE! Thanks for submitting a report! Please fill all sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty. Summary: As a user you expect the browser to not persist data after clearing browser data...
Bitrix Site Manager Cross Site Scripting
Hello list! There is a Cross-Site Scripting vulnerability in Bitrix Site Manager. Affected products: Vulnerable was the last version of Bitrix Site Manager at 12.06.2015, when I found this vulnerability on the web site of Russian terrorists. At that...