7660 matches found

Cvelist
added 2019/09/09 5:47 p.m. | 32 views

CVE-2019-5471

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...

5.1 AI score | 0.00789 EPSS
Exploits: 1 | References: 2

Cvelist
added 2019/09/09 5:45 p.m. | 20 views

CVE-2019-5467

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

5.2 AI score | 0.0074 EPSS
Exploits: 1 | References: 2

Debian CVE
added 2019/09/09 5:45 p.m. | 20 views

CVE-2019-5467

Removed by vendor...

5.4 CVSS | 6 AI score | 0.0074 EPSS
Exploits: 1

wpexploit
added 2019/09/08 12:0 a.m. | 30 views

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

6.5 AI score
Exploits: 0 | References: 1

WPVulnDB
added 2019/09/08 12:0 a.m. | 8 views

Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...

8 AI score
Exploits: 0 | References: 1 | Affected Software: 1

wpexploit
added 2019/09/08 12:0 a.m. | 21 views

Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...

8.1 AI score
Exploits: 0 | References: 1

WPVulnDB
added 2019/09/08 12:0 a.m. | 10 views

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

6.2 AI score
Exploits: 0 | References: 1 | Affected Software: 1

wpexploit
added 2019/09/08 12:0 a.m. | 18 views

Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlistingaddlisting=21 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use 'ENQUIRY FORM' on the right sidebar. Or you...

7.8 AI score
Exploits: 0 | References: 1

Hacker One
added 2019/08/31 11:38 a.m. | 20 views

Nextcloud: Persistent XSS on favorite via filename

CVSS ---- Medium 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Description ----------- The name of a file is echoed without encoding when favoring the file, leading to persistent XSS. POC --- To place the payload: - Create a file called test'".pdf and upload it. To trigger the payload: - click...

2.4 AI score
Exploits: 0

0day.today
added 2019/08/30 12:0 a.m. | 58 views

Sentrifugo 3.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in...

3.5 CVSS | 5.6 AI score | 0.01581 EPSS
Exploits: 5

Packet Storm
added 2019/08/30 12:0 a.m. | 317 views

Sentrifugo 3.2 Cross Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

5.6 AI score | 0.01581 EPSS
Exploits: 5

Exploit DB
added 2019/08/30 12:0 a.m. | 198 views

Sentrifugo 3.2 - Persistent Cross-Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

5.4 CVSS | 5.8 AI score | 0.01581 EPSS
Exploits: 5

Prion
added 2019/08/21 6:15 p.m. | 15 views

Cross site scripting

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen...

4.3 CVSS | 6 AI score | 0.00905 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/21 5:20 p.m. | 18 views

CVE-2017-18563

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen...

6.1 AI score | 0.00905 EPSS
Exploits: 0 | References: 1

CVE
added 2019/08/21 5:20 p.m. | 38 views

CVE-2017-18563

The CVE-2017-18563 issue affects the WordPress RSVP plugin prior to version 2.3.8, where the attendee-list screen note field is vulnerable to persistent XSS. The vulnerability stems from unsanitized input stored and later rendered in the attendee list; impact is user-facing XSS. A fix is availabl...

6.1 CVSS | 6 AI score | 0.00905 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

exploitpack
added 2019/08/19 12:0 a.m. | 14 views

Neo Billing 3.5 - Persistent Cross-Site Scripting

Neo Billing 3.5 - Persistent Cross-Site Scripting Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-7...

6.8 AI score
Exploits: 0

Exploit DB
added 2019/08/19 12:0 a.m. | 162 views

Kimai 2 - Persistent Cross-Site Scripting

Exploit Title: Kimai 2- persistent cross-site scripting XSS Date: 07/15/2019 Exploit Author: osamaalaa Vendor Homepage: link Software Link: https://github.com/kevinpapst/kimai2 Fixed on Github : https://github.com/kevinpapst/kimai2/pull/962 Version: 2 1-Normal user will try to add timesheet from...

7 AI score
Exploits: 0

Carbon Black Blog
added 2019/08/16 6:28 p.m. | 146 views

CB TAU Threat Intelligence Notification: Sodinokibi Ransomware

Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...

6.5 AI score
Exploits: 0

0day.today
added 2019/08/13 12:0 a.m. | 26 views

UNA 10.0.0 RC1 - (polyglot.php) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on: Windows/Linux CVE : CVE-2019-1480...

3.5 CVSS | 5.7 AI score | 0.02672 EPSS
Exploits: 4

0day.today
added 2019/08/13 12:0 a.m. | 38 views

osTicket 1.12 - Persistent Cross-Site Scripting via File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiy...

3.5 CVSS | 5.8 AI score | 0.02733 EPSS
Exploits: 5