48 matches found
Semrush: Stored XSS in '' Section and WAF Bypass
Summary Stored Cross-site Scripting XSS is the most dangerous type of Cross Site Scripting. Web applications that allow users to store data are potentially exposed to this type of attack. stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores...
Semrush: Post Based XSS On Upload Via CK Editor [semrush.com]
Summary: XSS Via Post Method When Upload via CKEditor Description: This XSS is execute by error message when upload some image on https://www.semrush.com/my-posts/api/image/upload/?CKEditor=text&CKEditorFuncNum=0&langCode=en Browsers Verified In: Firefox Steps To Reproduce: - This is POST based...
Semrush: clickjacking to Semrush auth login
Description: Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. this attack could be perform to semrush auth user because its direct...
Semrush: Ad Builder Display Ads Path Traversal
Summary: The Semrush Ad Builder for Display Ads is vulnerable to path traversal when extracting zip files and referencing images from the embedded data.csv file. Description: The Semrush Ad Builder for Display Ads allows users to import Display Ads from an uploaded zip file. The backend...
Semrush: [oauth token leak] at oauth.semrush.com
Domain, site, application --- oauth.semrush.com Steps to reproduce --- 1 Create following html at attacker.com/postmessage.html function listenerevent alertJSON.stringifyevent.data; var dest =...
Semrush: Open Redirect
Open Redirect on https://www.semrush.com/ User can be redirect to malicious site POC: https://www.semrush.com/redirect?url=http://bing.com I hope you know the impact of open redirect and more info refer https://cwe.mitre.org/data/definitions/601.html Impact User can be redirect to malicious site...
Semrush: Reflected XSS using Header Injection
Host : www.semrush.com Path : /billing-admin/profile/subscription/?l=de Payload : c5obc'+alert1+'p7yd5 Steps to reproduce : Request Header : GET /billing-admin/profile/subscription/?l=de HTTP/1.1 Host: www.semrush.com Accept: / Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE 9.0;...
Semrush: Insecure Direct Object Reference on API without API key
Summary: It is possible to query the semrush API without specifying an API key. This allows anyone to query the API and retrieve information without having paid for a subscription. This is not a security vulnerability as such, but I believe it does undermine your business model in that a user doe...