Lucene search

7654 matches found

Github Security Blog | added 2022/01/21 11:34 p.m. | 42 views

Umbraco Persistent Password Reset Poison

The password reset component deployed within Umbraco uses the hostname supplied in the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 8.6 | AI score 1.1 | EPSS 0.01138
Exploits: 2 | References: 3 | Affected software: 1
0day.today | added 2022/01/21 12:00 a.m. | 324 views

Banco Guayaquil 8.0.0 Cross Site Scripting Vulnerability

Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name, which could possibly be leveraged for attacks upstream. Document Title: =============== Banco Guayaquil Version 8.0.0 iOS - Cross Site Scripting Stored...

AI score 0.1
Exploits: 0
Vulnerability Lab | added 2022/01/21 12:00 a.m. | 332 views

Banco Guayaquil v8.0.0 iOS - Cross Site Web Vulnerability

Document Title: =============== Banco Guayaquil v8.0.0 iOS - Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2315 Release Date: ============= 2022-01-21 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.2
Exploits: 0
UbuntuCve | added 2022/01/19 5:15 p.m. | 43 views

CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...

CVSS 10 | AI score 7.4 | EPSS 0.64766
Exploits: 4 | References: 6
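The CVE text above names the exact connection-setting substring that turns a user-supplied H2 JDBC URL into code execution. The following is an added example, not H2 or Ubuntu code: a Python model of the check a console front-end, proxy or log rule can apply to a JDBC URL before the driver sees it. It parses the H2 settings syntax (';'-separated KEY=VALUE pairs after the database part, keys case-insensitive, INIT values carrying SQL that may themselves contain ';' inside quotes), flags the settings from the advisory, and applies an allowlist, which is the safer policy since unknown settings can be silenced by IGNOREUNKNOWNSETTINGS. The sample URLs and the ALLOWED_SETTINGS policy are constructed assumptions.

```python
"""Flag H2 JDBC URLs carrying the connection settings named in CVE-2022-23221.

Added example, not H2's or Ubuntu's code. Sample URLs are constructed.
"""
from typing import Callable, Dict, List, Tuple

PREFIX = "jdbc:h2:"

# Setting -> predicate over its value. INIT=RUNSCRIPT is the trigger named in the
# CVE text; the other two are the companion settings from the same substring.
DANGEROUS: Dict[str, Callable[[str], bool]] = {
    "INIT": lambda v: "RUNSCRIPT" in v.upper(),
    "FORBIDCREATION": lambda v: v.strip().upper() == "FALSE",
    "IGNOREUNKNOWNSETTINGS": lambda v: v.strip().upper() == "TRUE",
}

# Settings a locked-down console might still permit (assumption: site policy).
ALLOWED_SETTINGS = {"DB_CLOSE_DELAY", "MODE"}


def split_settings(body: str) -> List[str]:
    """Split on ';' outside single quotes; INIT values carry SQL that may contain ';'."""
    parts: List[str] = []
    buf: List[str] = []
    in_quote = False
    for ch in body:
        if ch == "'":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_h2_url(url: str) -> Tuple[str, Dict[str, str]]:
    """Return (database part, {UPPERCASE_KEY: value}) for a jdbc:h2: URL."""
    if not url.lower().startswith(PREFIX):
        raise ValueError("not an H2 JDBC URL")
    parts = split_settings(url[len(PREFIX):])
    settings: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        if key.strip():
            settings[key.strip().upper()] = value
    return parts[0], settings


def dangerous_settings(url: str) -> List[str]:
    """Names of settings in the URL that match a DANGEROUS predicate."""
    _, settings = parse_h2_url(url)
    return [k for k, v in settings.items() if k in DANGEROUS and DANGEROUS[k](v)]


def is_acceptable(url: str) -> bool:
    """Allowlist check: every setting in the URL must be one the site permits."""
    _, settings = parse_h2_url(url)
    return all(k in ALLOWED_SETTINGS for k in settings)


if __name__ == "__main__":
    # Constructed sample: the substring from the advisory plus a script source.
    bad = ("jdbc:h2:mem:test;IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;"
           "INIT=RUNSCRIPT FROM 'x.sql'")
    print(dangerous_settings(bad), is_acceptable(bad))
    print(dangerous_settings("jdbc:h2:mem:test;DB_CLOSE_DELAY=-1"))
```

A denylist (dangerous_settings) is useful for detection and alerting; the allowlist (is_acceptable) is what a console that must accept user-supplied URLs should enforce, since the driver's own handling of unknown or unusual settings is exactly what the advisory text shows being abused.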
OSV | added 2022/01/19 1:15 a.m. | 3 views

CVE-2022-22163

An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled,...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1
0day.today | added 2022/01/19 12:00 a.m. | 499 views

Rocket LMS 1.1 - Persistent Cross Site Scripting Vulnerability

Exploit Title: Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS) Document Title: =============== Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS) Product & Service Introduction: =============================== Rocket LMS is an online course marketplace with a pile of features that helps yo...

AI score 7.4
Exploits: 0
Exploit DB | added 2022/01/19 12:00 a.m. | 365 views

Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)

Exploit Title: Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS) Exploit Author: Vulnerability-Lab Date: 29/12/2021 Document Title: =============== Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS) References Source: ====================...

AI score 7.4
Exploits: 0
Prion | added 2022/01/18 5:15 p.m. | 16 views

Design/Logic Flaw

The password reset component deployed within Umbraco uses the hostname supplied in the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 4.3 | AI score 7.3 | EPSS 0.01138
Exploits: 2 | References: 1 | Affected software: 1
Cvelist | added 2022/01/18 4:52 p.m. | 28 views

CVE-2022-22690 Umbraco Remote ApplicationURL Overwrite

Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" or just "ApplicationUrl" is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the...

CVSS 8.6 | AI score 8.3 | EPSS 0.01138
Exploits: 1 | References: 1
Cvelist | added 2022/01/18 4:52 p.m. | 24 views

CVE-2022-22691 Umbraco Password Reset URL Poison

The password reset component deployed within Umbraco uses the hostname supplied in the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset...

CVSS 6.8 | AI score 8.1 | EPSS 0.01016
Exploits: 1 | References: 1
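The two Umbraco entries above (CVE-2022-22690, ApplicationUrl overwrite, and CVE-2022-22691, password reset URL poison) describe the same root cause: a URL that is mailed to a user is built from a value the client controls, the Host header, instead of from static configuration. The following is an added example in Python, not Umbraco's code (Umbraco is .NET; this models the logic only). It places the Host-derived builder next to a builder that takes its base from a configured ApplicationUrl, and adds a Host allowlist so that a request with a foreign Host is refused before anything is built or cached. RESET_PATH, the host names and the tokens are constructed assumptions.

```python
"""Password-reset links: Host-header-derived base (the flaw) next to a configured base.

Added example, not Umbraco's code. RESET_PATH, hosts and tokens are constructed.
"""
from urllib.parse import urlencode, urlsplit, urlunsplit

RESET_PATH = "/reset-password"  # assumption: illustrative path, not Umbraco's real route


def reset_url_from_host(host_header: str, token: str) -> str:
    """Vulnerable pattern: the link's host is whatever the client put in Host."""
    return f"https://{host_header}{RESET_PATH}?{urlencode({'token': token})}"


def reset_url_from_config(application_url: str, token: str) -> str:
    """Hardened: the base comes from static configuration (ApplicationUrl), not the request.

    The configured value must be a bare https origin; anything else is a misconfiguration
    and is rejected rather than silently used.
    """
    base = urlsplit(application_url)
    if (base.scheme != "https" or not base.netloc or base.path not in ("", "/")
            or base.query or base.fragment):
        raise ValueError("ApplicationUrl must be an absolute https origin")
    return urlunsplit((base.scheme, base.netloc, RESET_PATH, urlencode({"token": token}), ""))


def host_is_served(host_header: str, allowed_hosts: frozenset) -> bool:
    """Second line of defence: refuse requests whose Host is not one this site serves.

    Normalises case and strips an optional port (IPv6 literals keep their brackets).
    """
    host = host_header.strip().lower()
    if host.startswith("["):
        host = host.split("]", 1)[0] + "]"
    else:
        host = host.split(":", 1)[0]
    return bool(host) and host in allowed_hosts


def handle_reset(host_header: str, application_url: str,
                 allowed_hosts: frozenset, token: str) -> str:
    """Handler shape: validate Host first, then build the link from configuration only."""
    if not host_is_served(host_header, allowed_hosts):
        raise PermissionError(f"unexpected Host header: {host_header!r}")
    return reset_url_from_config(application_url, token)


if __name__ == "__main__":
    # Constructed sample values.
    print(reset_url_from_host("attacker.example", "tok"))      # link points at the attacker
    print(handle_reset("cms.example.org:443", "https://cms.example.org",
                       frozenset({"cms.example.org"}), "tok"))  # link points at the site
```

The Host check matters even with a configured base: CVE-2022-22690 above is about the configured value itself being overwritten from a request, so the base must be read from configuration on every use and never populated or cached from the first inbound request.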
Packet Storm | added 2022/01/17 12:00 a.m. | 365 views

Win32.MarsStealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...

Exploits: 0
NVD | added 2022/01/13 3:15 p.m. | 16 views

CVE-2021-23824

This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the...

CVSS 6.5 | EPSS 0.00921
Exploits: 1 | References: 3
Prion | added 2022/01/13 3:15 p.m. | 15 views

Cross site scripting

This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the...

CVSS 4.3 | AI score 5.9 | EPSS 0.00921
Exploits: 1 | References: 3 | Affected software: 1
Cvelist | added 2022/01/13 2:10 p.m. | 20 views

CVE-2021-23824 Content Injection

This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the...

CVSS 6.5 | AI score 6.2 | EPSS 0.00921
Exploits: 1 | References: 3
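The three CVE-2021-23824 entries above describe attribute injection: when a template writes a value into an unquoted HTML attribute, a space in the value ends that attribute and whatever follows becomes a new attribute, including an event handler. The following is an added example, not Crow's template engine (Crow is C++; this is a Python model of the mechanism). It renders the same value into an unquoted and into a quoted, escaped attribute, and uses a small tokenizer approximating how a browser splits a start tag into attributes to show which attributes each rendering actually produces. The template, payloads and tokenizer are constructed for illustration.

```python
"""Attribute injection through an unquoted template attribute, next to the quoted form.

Added example, not Crow's code. Template, payloads and tokenizer are constructed.
"""
import html
import re
from typing import List

# Tokenizer approximating how a browser splits attributes inside a start tag:
# a name, optionally '=' and a double-quoted, single-quoted or unquoted value.
ATTR_RE = re.compile(r"""\s([A-Za-z_:][-A-Za-z0-9_:.]*)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>"']+))?""")


def render_unquoted(url: str) -> str:
    """Vulnerable: '<a href={{url}}>' with no quotes; whitespace in the value ends href."""
    return f"<a href={url}>link</a>"


def render_quoted(url: str) -> str:
    """Hardened: quote the attribute and escape quotes and angle brackets in the value."""
    return f'<a href="{html.escape(url, quote=True)}">link</a>'


def attribute_names(markup: str) -> List[str]:
    """Attribute names a browser would see on the first start tag of `markup`."""
    tag = markup[: markup.index(">")]
    return [m.group(1) for m in ATTR_RE.finditer(tag)]


if __name__ == "__main__":
    # Constructed payload: a space followed by an event-handler attribute.
    payload = "/x onmouseover=alert(1)"
    print(render_unquoted(payload), attribute_names(render_unquoted(payload)))
    print(render_quoted(payload), attribute_names(render_quoted(payload)))
```

Quoting alone is not sufficient: the value must also be escaped so that a `"` inside it cannot close the quoted attribute early, which is why render_quoted escapes with quote=True as well as wrapping in quotes.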
ATTACKERKB | added 2022/01/12 5:00 p.m. | 7 views

CVE-2022-22163

An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled,...

CVSS 7.4 | AI score 6.6 | EPSS 0.00368
Exploits: 0 | References: 2 | Affected software: 1
Vulnerability Lab | added 2022/01/12 12:00 a.m. | 449 views

Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability

Document Title: =============== Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2275 Release Date: ============= 2022-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 22...

AI score 7.4
Exploits: 0
Packet Storm | added 2022/01/05 12:00 a.m. | 265 views

Rocket LMS 1.1 Cross Site Scripting

Document Title: =============== Rocket LMS v1.1 - (History) Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2305 Release Date: ============= 2021-12-29 Vulnerability Laboratory ID VL-ID: ==================================== 23...

AI score 7.4
Exploits: 0
ThreatPost | added 2021/12/30 6:01 p.m. | 30 views

What the Rise in Cyber-Recon Means for Your Security Strategy

As we move into 2022, bad actors are ramping up their reconnaissance efforts to ensure more successful and more impactful cyberattacks. And that means more zero-day exploits are on the horizon. When seen through an attack chain such as the MITRE ATT&CK framework, campaigns are frequently discusse...

AI score 7.5
Exploits: 0 | References: 8
Vulnerability Lab | added 2021/12/29 12:00 a.m. | 409 views

Rocket LMS v1.1 - (History) Persistent XSS Vulnerability

Document Title: =============== Rocket LMS v1.1 - (History) Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2305 Release Date: ============= 2021-12-29 Vulnerability Laboratory ID VL-ID: ==================================== 23...

AI score 0.1
Exploits: 0
Prion | added 2021/12/28 2:15 p.m. | 24 views

Cross site scripting

A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...

CVSS 4.3 | AI score 5.9 | EPSS 0.01969
Exploits: 2 | References: 3 | Affected software: 1