BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability
Summary: BoxBilling is a free billing, invoicing & client management software. Description: BoxBilling suffers from a stored cross-site scripting vulnerability. Input passed to the 'message' POST parameter thru the 'Notification Center' extension/module is not properly sanitised before being return...
Splunk < 5.0.6 Unspecified XSS
According to its version number, the Splunk Web hosted on the remote web server is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the...
WordPress Optinfirex Cross Site Scripting
Exploit Title : Wordpress optinfirex plugin Cross site scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://wordpress.org Google Dork : inurl :wp-content/plugins/optinfirex Date: 2013-11-26 Tested on: Windows 7 , Linux...
PHP 5.3.10, 5.4.0 XSS Vulnerability
PHP is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if(description)...
Zikula 1.3.5 Build 20 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification...
WordPress MobileChief Mobile Site Builder Plugin XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if(description)...
Feeder.co RSS Feeder 5.2 Cross Site Scripting
Document Title: =============== Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability Release Date: ============= 2013-10-26 Vulnerability Laboratory ID VL-ID: ==================================== 1119 Common Vulnerability Scoring System: ==================================== 3.8...
Multiple Cross-Site Scripting (XSS) in Claroline
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Claroline, which can be exploited to perform Cross-Site Scripting (XSS) attacks against vulnerable web application visitors and administrators. 1 Cross-Site Scripting (XSS) in Claroline: CVE-2013-6267 1.1 The vulnerability...
WordPress Videowall Plugin XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if(description)...
WordPress WooCommerce 2.0.17 Cross Site Scripting
Wordpress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability Vendor: WooThemes Product web page: http://www.woothemes.com Affected version: 2.0.17 and 2.0.14 Summary: WooCommerce is an open source e-commerce plugin for WordPress. Desc: The plugin suffers from a XSS issue due to a...
Bugzilla - editflagtypes.cgi Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/63204/info Bugzilla is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues t...
Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability
Title: ====== Microsoft SharePoint 2013 Cloud - Persistent Exception Handling Web Vulnerability Date: ===== 2013-09-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=812 Security Bulletin: MS13-067 http://technet.microsoft.com/de-de/security/bulletin/MS13-067 Microsoft...
Cross-Site Scripting (XSS) in GuppY
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in GuppY, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Cross-Site Scripting (XSS) in GuppY: CVE-2013-5983 1.1 The vulnerability exists due to insufficient...
WordPress Platinum SEO Plugin < 1.3.8 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if(description)...
XAMPP 1.8.1 Local Write Access Vulnerability
XAMPP version 1.8.1 allows an unprivileged user the ability to write to the local disk. It has been detected that an unprivileged user can write in the local disk and the local file "lang.tmp" can be modified in the remote machine. The injection is done through the page "/xampp/lang.php"...
Moodle 'external.php' 'badge' Parameter XSS
The version of Moodle installed on the remote host fails to properly sanitize user-supplied input to the 'badge' parameter of the 'external.php' script. The application also fails to properly sanitize serialized objects. An attacker can exploit these issues by crafting a URL containing a serializ...
Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass
source: https://www.securityfocus.com/bid/62480/info Mozilla Firefox is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting us...
Microsoft FrontPage CVE-2013-3137 Information Disclosure Vulnerability
Description: Microsoft FrontPage is prone to an information-disclosure vulnerability. Attackers can exploit this issue to disclose the contents of a local file on the affected computer. This may aid in further attacks. Technologies Affected: Microsoft FrontPage 2003 SP3 Recommendations: Run all...
Cisco Content Security Management Appliance XSS and CSRF Vulnerabilities
Cisco Content Security Management Appliance is prone to cross site scripting and cross site request forgery vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...