4 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the lead:addLeadTags process. An attacker can execute arbitrary JavaScript in another user's browser session by injecting malicious input into the Tags field, which is reflected in the server's response...
U.S. Dept Of Defense: XSS Reflected
The web application was vulnerable to reflected cross-site scripting (XSS) attacks. Untrusted data from the URL parameters was included in the application's response without proper sanitization or validation. This allowed an attacker to inject malicious scripts into web pages viewed by other users...
Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
Exploit Title: Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
Date: 2018-07-13
Shodan Dork: CLR-M20
Exploit Author: Safak Aslan
Software Link: http://www.celalink.com
Version: 2.7.1.6
CVE: 2018-15137
Authentication Required: No
Tested on: Windo...
New Relic: Host Header Injection / Cache Poisoning
The application reflects HTTP Header value back in its response and it may be possible to poison the server cache. The X-Forwarded-Host is directly reflected as a hyperlink.
HTTP Request
GET / HTTP/1.1
Host: newrelic.com
X-Forwarded-Host: pavanw3b.com
... ....
HTTP Response
HTTP/1.1 200 OK...