📄 MobileDetect 2.8.31 Cross Site Scripting

MobileDetect version 2.8.31 suffers from a cross site scripting vulnerability. Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ Software Link:...

CVE-2018-25080 MobileDetect Example session_example.php initLayoutType cross site scripting

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/sessionexample.php of the component Example. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack...

MobileDetect 跨站脚本漏洞

MobileDetect is a PHP class for detecting mobile devices. A cross-site scripting vulnerability exists in MobileDetect version 2.8.31, which stems from a problem with the initLayoutType function in the file examples/sessionexample.php in the component Example, which can lead to cross-site scriptin...

Cloudera HUE Session cookies stored in the database

User session cookies are stored in the database. Combined with the vulnerability related to configuration file which is world readable, it is possible to spoof a user across the entire cluster launching jobs and browsing the datalake, without having to crack password hashes. Cookies are stored in...