5 matches found
Judge.me : Stored XSS in Question edit for product name (bypass #1416672)
Hi @judgeme! Step to reproduce: 1. Log in to your shopify account and create product with name img src=x onerror=promptdocument.domain img src=x onerror=promptdocument.domain 2. Go to our store and write question to our product with name img src=x onerror=promptdocument.domain img src=x...
TeleShadow - Telegram Desktop Session Stealer (Windows)
Stealing desktop telegrams has never been so easy ! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at "C:\Users\YourName\AppData\Roaming\Telegram Desktop\tdata" Then Replace...
WebCT 4.1.5 - Email and Discussion Board Messages HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28107/info WebCT is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML or JavaScript co...
WebCT 4.1.5 - Email and Discussion Board Messages HTML Injection
source: https://www.securityfocus.com/bid/28107/info WebCT is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML or JavaScript code could run in the context of the...
WebCT 4.1.5 - Email and Discussion Board Messages HTML Injection
WebCT 4.1.5 - Email and Discussion Board Messages HTML Injection source: https://www.securityfocus.com/bid/28107/info WebCT is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...