7656 matches found
CVE-2021-28688
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...
CVE-2021-30146
Seafile 7.0.5 2019 allows Persistent XSS via the "share of library functionality."...
Cross site scripting
Seafile 7.0.5 2019 allows Persistent XSS via the "share of library functionality."...
CVE-2021-30146
Removed by vendor...
CVE-2021-30146
CVE-2021-30146 affects Seafile Server 7.0.5 (2019). The vulnerability is a Persistent XSS in the "share of library" feature, enabling malicious JavaScript execution. The attack path described in sources indicates an attacker with a local account can create a shared library containing injected scri...
Exploit for Cross-site Scripting in Seafile
CVE-2021-30146 Seafile 7.0.5 Persistent XSS Suggested descri...
Spy Operations Target Vietnam with Sophisticated RAT
An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a...
Hackers are implanting multiple backdoors at industrial targets in Japan
Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attac...
Exploit for Cross-site Scripting in Sherlockim
CVE-2021-29267 SherlockIM ChatBot XSS Suggested description...
CVE-2021-22886
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app...
GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Vulnerability
Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link: http://get-simple.info/extend/export/5260/1267/custom-js.zip Version: 0.1...
Moodle 3.10.3 - (label) Persistent Cross Site Scripting Vulnerability
Exploit Title: Moodle 3.10.3 - 'label' Persistent Cross Site Scripting Author: Vincent666 ibn Winnie Software Link: https://moodle.org/ Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month Choose a role :...
'customhs_js_content' - 'customhs_js_content' Cross-Site Request Forgery
Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - 'customhs_js_content' Cross-Site Request Forgery Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting
Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting Exploit Author: George Tsimpidas Date: 2021-03-25 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regisinventory.zip Version ...
Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
Exploit Title: Moodle 3.10.3 - 'label' Persistent Cross Site Scripting Date: 25.03.2021 Author: Vincent666 ibn Winnie Software Link: https://moodle.org/ Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month...