
43 matches found

CVE
added 2025/12/17 10:44 p.m. | 5 views

CVE-2023-53928

PHPFusion 9.10.30 is affected by a stored cross-site scripting vulnerability in the file manager, allowing attackers to upload SVGs with embedded JavaScript. When such SVGs are viewed, they can execute client-side code that may steal session information or perform other user-side actions. The vul...

CVSS 6.1 | AI score 6 | EPSS 0.00025
Exploits 1 | References 3 | Affected Software 1
Packet Storm
added 2024/08/31 12:0 a.m. | 142 views

Cisco DCNM Auth Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' require 'base64' class MetasploitModule 'Cisco DCNM auth bypass', 'Description' = %q This exploit is able to add an admin account to a Cisco DCNM...

CVSS 10 | AI score 7 | EPSS 0.85137
Exploits 7
NVD
added 2024/02/13 4:15 p.m. | 17 views

CVE-2023-48432

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link for a webmail redirection endpoint within an email message, e.g., if a victim clicks on that link within Zimbra webmail...

CVSS 6.1 | AI score 7.5 | EPSS 0.00554
Exploits 0 | References 3
OSV
added 2024/02/13 4:15 p.m. | 5 views

CVE-2023-48432

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link for a webmail redirection endpoint within an email message, e.g., if a victim clicks on that link within Zimbra webmail...

CVSS 6.1 | AI score 6.9
Exploits 0 | References 3
Prion
added 2024/02/13 4:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link for a webmail redirection endpoint within an email message, e.g., if a victim clicks on that link within Zimbra webmail...

AI score 7.3 | EPSS 0.00554
Exploits 0 | References 3
Vulnrichment
added 2024/02/13 12:0 a.m. | 21 views

CVE-2023-48432

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link for a webmail redirection endpoint within an email message, e.g., if a victim clicks on that link within Zimbra webmail...

AI score 7 | EPSS 0.00554
Exploits 0 | References 3
CNNVD
added 2024/02/13 12:0 a.m. | 1 views

Zimbra Collaboration Suite Security Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra in the United States. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite versions 8.8.15, 9.0, and 10.0. An attacker exploited the vulnerabili...

CVSS 6.1 | AI score 6.7 | EPSS 0.00554
Exploits 0 | References 4
CVE
added 2024/02/13 12:0 a.m. | 81 views

CVE-2023-48432

CVE-2023-48432 affects Zimbra Collaboration Server (ZCS) 8.8.15, 9.0, and 10.0. The issue is an XSS in a link used by the webmail redirection endpoint inside an email message, enabling potential session stealing when a victim clicks the link in Zimbra WebMail. Exploitation context is user interac...

CVSS 6.1 | AI score 6.9 | EPSS 0.00554
Exploits 0 | References 3 | Affected Software 1
NVD
added 2023/03/08 3:15 p.m. | 8 views

CVE-2023-26261

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15...

CVSS 9.8 | AI score 9.8 | EPSS 0.00665
Exploits 0 | References 2
Cvelist
added 2022/09/13 6:50 p.m. | 12 views

CVE-2022-39207 Persistent XSS in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same...

CVSS 5.4 | AI score 5.9 | EPSS 0.00525
Exploits 1 | References 3
CNVD
added 2021/12/29 12:0 a.m. | 16 views

NUUO Network Video Recorder NVRsolo Cross-Site Scripting Vulnerability

NUUO Network Video Recorder NVR is a network video recorder from NUUO, Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo version 3.9.1, which stems from the lack of effective filtering and escaping of user-submitted request parameters, and can be...

CVSS 6.1 | AI score 6 | EPSS 0.0021
Exploits 1 | References 1
Huntr
added 2021/10/19 9:12 a.m. | 45 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description XSS in the question asking session feedback page Proof of Concept Hi'" link https://demo.fork-cms.com/private/en/faq/edit?token=u1xyihius6&id=1 paste the payload in the question section and view the question in link Impact custom javascript code execution , session stealing etc...

AI score 0.5
Exploits 0
Metasploit
added 2021/06/24 5:43 p.m. | 82 views

Cisco DCNM auth bypass

This exploit is able to add an admin account to a Cisco DCNM with credentials you can choose. After that, you can login to the web interface with those credentials. The only necessary condition is the more or less recent connection of an admin as this exploit uses a kind of session stealing. Modu...

CVSS 10 | AI score 9.3 | EPSS 0.85137
Exploits 7
Exploit DB
added 2020/12/02 12:0 a.m. | 476 views

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...

AI score 7.4
Exploits 0
NVD
added 2018/08/20 7:31 p.m. | 9 views

CVE-2018-1000642

FlightAirMap version =v1.0-beta.21 contains a Cross Site Scripting XSS vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09...

CVSS 6.1 | AI score 6.1 | EPSS 0.0024
Exploits 0 | References 2
Prion
added 2018/07/06 5:29 p.m. | 16 views

Cross site scripting

An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges...

CVSS 4.3 | AI score 6 | EPSS 0.00328
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2018/01/24 5:0 p.m. | 16 views

CVE-2018-5705

Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine the t parameter to the /search URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admins. By sending users an infected URL, code will ...

AI score 6.2 | EPSS 0.00305
Exploits 5 | References 2
exploitpack
added 2018/01/17 12:0 a.m. | 15 views

Reservo Image Hosting Script 1.5 - Cross-Site Scripting

Reservo Image Hosting Script 1.5 - Cross-Site Scripting Exploit Title: Reservo Image Hosting Script 1.5 - Cross Site Scripting Date: 15-01-2018 Exploit Author: Dennis Veninga Contact Author: d.veninga at networking4all.com Vendor Homepage: reservo.co Version: 1.6 CVE-ID: CVE-2018-5705 With suppor...

CVSS 4.3 | AI score 6.1 | EPSS 0.00305
Exploits 5
Cvelist
added 2018/01/15 4:0 p.m. | 11 views

CVE-2018-5479

FoxSash ImgHosting 1.5 according to footer information is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admins. By...

AI score 6.2 | EPSS 0.00259
Exploits 5 | References 1
seebug.org
added 2017/05/27 12:0 a.m. | 70 views

OpenVPN Access Server : CRLF injection with Session fixation(CVE-2017-5868)

Description OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, a...

CVSS 4.3 | AI score 6.8 | EPSS 0.08462
Exploits 3