11 matches found
PT-2023-29868 · Unknown · Rs-Stellar-Strkey
Name of the Vulnerable Software and Affected Versions: rs-stellar-strkey versions prior to 0.0.8 Description: A panic vulnerability occurs when a specially crafted payload is used, due to an issue with the inner payload len variable. This variable should not be above 64. The vulnerability is caus...
PT-2021-24304 · Unknown · Glfusion Cms
Name of the Vulnerable Software and Affected Versions: glFusion CMS version 1.7.9. Description: The issue concerns a reflected Cross-Site Scripting (XSS) vulnerability. Specifically, the value of the title request parameter is copied into an HTML tag attribute encapsulated in double quotation marks...
U.S. Dept Of Defense: Blind Stored XSS Payload fired at the backend on https://█████████/
Summary: I have just gotten an email notification from my XSSHunter payload that my blind stored XSS has been triggered by an administrator on the █████████ site, in the following URL: javascript https://█████/████ Admin IP address: ████████ User-Agent: █████████ Cookies: javascript ██████...
GHSA-C53X-WWX2-PG96 Cross-Site Scripting in @berslucas/liljs
Versions of @berslucas/liljs prior to 1.0.2 are vulnerable to Cross-Site Scripting (XSS). The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: upgrade to version 1.0.2 or later...
U.S. Dept Of Defense: Stored XSS at ██████userprofile.aspx
Summary: Stored XSS vulnerability exists at ██████████userprofile.aspx under "say something about yourself...". XSS can be used for a variety of attacks. Impact: XSS can be used to steal cookies, passwords or to run arbitrary code in the victim's browser. Step-by-step Reproduction Instructions: 1...
Major Hole Plugged in Secure File Transfer Tool
Biscom, a secure document delivery provider, recently patched a serious vulnerability in its secure file transfer product that could have allowed an authenticated hacker access to data shared between other users. Privately alerted in April by Rapid7 a Biscom customer, the company released an...
Cross-site Scripting (XSS)
github.com/koding/koding is susceptible to cross-site scripting (XSS) attacks. This happens because the encoding in static pages does not escape the input string using validator.sanitize.xss...
phpMyAdmin 4.0.x < 4.0.10.6 / 4.1.x < 4.1.14.7 / 4.2.x < 4.2.12 Multiple Vulnerabilities (PMASA-2014-13 through 16)
Nagios XI Graph Explorer Component OS Command Injection Vulnerability
Added: 01/23/2013. BID: 54263. OSVDB: 83552. Background: Nagios XI is a network host and service monitoring and management system. Problem: The Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...
Emerson Network Power Cross Site Scripting
Found this search box last month which is not sanitizing any input: http://www.emersonnetworkpower.com/en-US/SearchCenter/Pages/AllResults.aspx?k=%3Cscript%3Ealertdocument.cookie%3C/script%3E&s=Network%20Power%20Contenten-USen-US Have contacted the owner but there isn't any response. Maybe the...