7660 matches found
InJob < 3.3.8 - Reflected & Persistent XSS
Multiple XSS vulnerabilities have been found in the 'InJob | Multi-purpose for recruitment WordPress Theme' theme v3.3.6. Edit WPScanTeam: September 16th, 2019 - Envato Contacted September 16th, 2019 - v3.3.7 released. XSS still present October 11th, 2019 - Envato contacted again for updates...
CVE-2019-16333
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php...
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overlap CVE-2017-16636...
Cross site scripting
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php...
Cross site scripting
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overlap CVE-2017-16636...
CVE-2019-16333
GetSimple CMS v3.3.15 is affected by a persistent Cross-Site Scripting (XSS) vulnerability in admin/theme-edit.php. The CVE description and connected sources (NVD/NVD mirrors, OpenVAS entry, and related advisories) consistently identify GetSimple CMS 3.3.15 as vulnerable to XSS in that admin page...
CVE-2019-16334
CVE-2019-16334 corresponds to a persistent XSS vulnerability in Bludit v3.9.2, exploitable via the Categories → Add New Category → Name field. The linked sources consistently state a stored/persistent XSS risk affecting that UI entry, with a note that it may overlap CVE-2017-16636. No explicit expl...
The 10 Most Common Attacks
This post is an excerpt from The Ultimate Cybersecurity Guide for the IT Professional. Common Attacks Today’s organizations face four main categories of adversaries. In order to fully defend against these four types, you must also understand what motivates them. This context will best position yo...
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded...
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
Exploit Title: WordPress Plugin Photo Gallery by 10Web img src=a onerror='alert2;' 4. Click Save. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded 09-04-2019 - New version released 1.5.35 09-10-2019 - Full...
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded 09-04-2019 - New version released 1.5.35 09-10-2019 - Full Disclosu...
CVE-2019-6784
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...
CVE-2019-5467
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-5471
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...
Design/Logic Flaw
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...