801 matches found
Cross site scripting
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header...
CVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header...
CVE-2017-5191
NetIQ Access Manager (NAM) versions 4.2 and 4.3 contain a cross-site scripting (XSS) vulnerability in the /NAGErrors URI. The issue arises because the Access Gateway Error page does not validate the HTTP Referer header, enabling a remote attacker to inject arbitrary web script or HTML. No exploit...
WordPress plugin "WP Statistics" vulnerable to cross-site scripting
Overview: The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability (CWE-79) in multiple pages due to a flaw in processing HTTP Referer headers. Note that this vulnerability is different from JVN77253951. Gen Sato of Mitsui Bussan Secure...
CVE-2016-3045
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history...
Information disclosure
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history...
Serendipity Open Redirect Vulnerability
Serendipity is a PHP-based blogging system developed by the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An open redirection vulnerability exists in comment.php in Serendipity versions 2.0.5 and earlier, which allows remote attackers to redirect...
Phire CMS 2.0.0 Cross Site Scripting
Title Phire CMS HTTP Request POST /phirecms/phire/config HTTP/1.1 Headers: ... Post Data: datetimeformat=&datetimeformatcustom=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&pagination=25&systemtheme=default&submit=Save HTTP Response...
Wolf CMS Stored Cross-Site Scripting Vulnerability
Wolf CMS is a PHP-based open source content management system (CMS) developed by the Wolf CMS team. The system provides a user interface, templates, user management, rights management and other functions. A stored cross-site scripting vulnerability exists in Wolf CMS version 0.8, which stems fr...
OLX: [Critical] Delete any account
Hi guys, I found a vulnerable endpoint that can delete any logged-in user. The vulnerable URL is olx.com/myaccount/delete/ with only one parameter called removehash POST /account/register/ HTTP/1.1 Host: olx.com.eg User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.7; rv:47.0 Gecko/20100101...
WordPress Count per Day 3.5.4 Plugin - Persistent Cross-Site Scripting
Exploit for php platform in category web applications Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin Abstract A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated attacker and allows an...
WordPress Count Per Day 3.5.4 Persistent Cross Site Scripting
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin. Julien Rentrop, July 2016...
WordPress Live Chat Support 6.2.00 Cross Site Scripting
Persistent Cross-Site Scripting in WP Live Chat Support plugin. Han Sahin, July 2016...
The vulnerability of the Zyxel ZLD operating system allows a remote attacker to execute arbitrary code on the web server.
A vulnerability in the operating system of the Zyxel ZyWALL USG 300 network firewall/switch allows a malicious actor to inject arbitrary web script through the Referer header. The flaw stems from improper handling of the “404” error page, thereby compromising the integrity of data process...
DEBIAN-CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...
UBUNTU-CVE-2016-5739
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication toke...