Exponent CMS 2.3.0 Cross Site Scripting

Title: exponent-2.3.0 CMS index.php POST Reflected XSS Severity: High CVE-ID: To Be Assigned Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact: Please use website...

OrangeHRM 2.7.1 Vacancy Name Persistent XSS

OrangeHRM1 2.7.12 -- the latest stable release as of this writing -- suffers from a persistent XSS in the vacancy name variable. Steps: 1. Navigate to following URL: http://domain/symfony/web/index.php/recruitment/viewJobVacancy 2. Add or Edit a Vacancy 3. In the Vacancy Name parameter put XSS...