Stored HTML Injection

phpmyfaq is vulnerable to Stored HTML Injection. The vulnerability exists due to improper handling of inputs through the Question Form, which allows an attacker to inject and execute malicious HTML content in the web page when an admin approves the question, possibly leading to code execution...

Captcha Bypass allows sending unlimited Comments

Hello, I identified a CAPTCHA Bypass after trying many Posts in the Comments Section. Lets see : --------- sent successfully! let's see the comments Comments are available The Question Form is also vulnerable for Captcha Bypass please check it also too. Thank you...

stored HTML-Injection throuth the Question Form

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan [email protected] and I were able to identify another stored HTML-Injection Vulnerability in the Question Form. The Process of the...

Watu Quizz <= 3.1.2.5 - Reflected XSS via question-form.html.php

The Watu Quiz WordPress plugin was affected by a Reflected XSS via question-form.html.php security vulnerability. /wp-admin/admin.php?page=watuquestion&question=1&action=edit&quiz=1"...

IndiaNIC FAQs Manager 1.0 - Ask Question Form question Parameter XSS

The faqs-manager WordPress plugin was affected by an Ask Question Form question Parameter XSS security vulnerability...

WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities

IndiaNIC FAQ Settings Page is vulnerable for CSRF. The Ask Question area front-end is vulnerable for XSS. It is possible to insert alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field =================== We don't need the captcha Image when we have this ...