28 matches found

CNVD
• added 2024/01/30 12:00 a.m. • 29 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11143)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/itempopup.php page. An attacker could us...

8.2 CVSS • 6.5 AI score • 0.00398 EPSS
Exploits: 0 • References: 1
OSV
• added 2023/11/20 5:48 p.m. • 34 views

CVE-2023-48240 XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery

XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other...

9 CVSS • 8.3 AI score • 0.0071 EPSS
Exploits: 0 • References: 5
Cvelist
• added 2022/01/28 7:09 p.m. • 25 views

CVE-2022-22791 SYNEL - eharmony Authenticated Blind & Stored XSS

SYNEL - eharmony Authenticated Blind & Stored XSS. Injecting JS code into the "comments" field could lead to potential stealing of cookies and loading of HTML tags and JS code onto the system...

6.6 CVSS • 6.6 AI score • 0.00382 EPSS
Exploits: 0 • References: 1
OpenVAS
• added 2022/01/28 12:00 a.m. • 19 views

Mageia: Security Advisory (MGASA-2015-0227)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only

9.8 CVSS • 9.5 AI score • 0.04345 EPSS
Exploits: 0 • References: 6
Huntr
• added 2021/12/20 12:01 p.m. • 21 views

Cross-site Scripting (XSS) - Stored in janeczku/calibre-web

Description: Missing input check on Identifiers leads to stored XSS. Steps to reproduce: 1. Any book - Edit metadata - Identifiers. 2. Set any value in the first field and javascript:alert(document.domain) in the second one. 3. Save the book, select it, click on Identifier - XSSed! Proof of...

3.5 CVSS • 0.9 AI score • 0.00802 EPSS
Exploits: 1
Prion
• added 2021/12/08 8:15 p.m. • 11 views

Design/Logic Flaw

PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=alert(1) and stealing cookies...

4.3 CVSS • 6.2 AI score • 0.00562 EPSS
Exploits: 0 • References: 1 • Affected Software: 1
Cvelist
• added 2021/12/08 7:24 p.m. • 26 views

CVE-2021-36720 Cybonet - PineApp

PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=alert(1) and stealing cookies...

6.4 AI score • 0.00562 EPSS
Exploits: 0 • References: 1
Huntr
• added 2021/12/04 9:14 p.m. • 26 views

Cross-site Scripting (XSS) - Stored in elgg/elgg

Analysis: Hello guys, how are you doing? Hope you're having an awesome day 🤗. Elgg has a functionality for any authenticated user to report pages to the administrators whenever they think that there's something wrong going on with this page. This functionality has an issue, because in order to create a...

3.5 CVSS • 5.8 AI score • 0.00697 EPSS
Exploits: 1
Hacker One
• added 2021/09/14 2:50 a.m. • 13 views

Judge.me : Blind XSS via Feedback form.

Summary: Hi Team, I found a Blind XSS which is triggered on the admin panel. I was trying to add widgets on the installation page for the default theme. When the installation was done, I saw a question like "Are you happy with how everything looks?". I clicked the "No, please remove all widgets" butto...

6.1 AI score
Exploits: 0
Huntr
• added 2021/08/12 3:28 p.m. • 7 views

Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse

✍️ Description: CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online. This app is vulnerable to XSS through creating projects. 🕵️‍♂️ Proof of Concept 💥 Impact: This vulnerability is capable of stealing cookies of users. 📍 Location: projectscontroller.rbL5...

2.5 AI score
Exploits: 0
Huntr
• added 2021/03/23 10:10 p.m. • 10 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description: A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" parameter. 🕵️‍♂️ Proof of Concept: Vulnerable parameter: publishondate. XSS payload: '"%26%25alert(1). Steps to reproduce issue: 1- Login to Fork admin panel 2-...

1.2 AI score
Exploits: 0
Prion
• added 2020/12/21 3:15 p.m. • 21 views

Cross site scripting

DotCMS 20.11 "Add Template" in the admin panel is affected by cross-site scripting (XSS) that can be used to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack, stealing cookies using XSS...

3.5 CVSS • 5 AI score • 0.00612 EPSS
Exploits: 1 • References: 2 • Affected Software: 1
NVD
• added 2020/10/01 2:15 p.m. • 15 views

CVE-2020-24860

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put a persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website...

5.4 CVSS • 0.01087 EPSS
Exploits: 3 • References: 4
Cvelist
• added 2020/09/29 7:06 p.m. • 42 views

CVE-2020-25761

Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks such as stealing of cookies, sensitive information etc...

6.2 AI score • 0.01825 EPSS
Exploits: 2 • References: 4
Hacker One
• added 2020/07/09 6:51 p.m. • 25 views

Automattic: Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media

Hello there, I found a stored XSS vulnerability. Steps: 1. Go to https://app.crowdsignal.com/dashboard 2. Create a quiz. 3. Go to https://app.crowdsignal.com/quizzes/your-quiz-id/question 4. Add Multiple Choice. 5. Put a name to answer 1. 6. Click the Add media button. F901543 7. Select Embed Media 8...

0.3 AI score
Exploits: 0
Hacker One
• added 2020/04/26 5:29 p.m. • 26 views

Acronis: Reflected XSS on www.grouplogic.com/video.asp

Hello there, I hope you are well! PoC: http://www.grouplogic.com/video.asp?v=Acroxx1%22%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EsaE&e=mp4&width=560&height=315 Impact: Stealing cookies. Best Regards, @mygf...

1 AI score
Exploits: 0
Hacker One
• added 2019/11/09 7:42 p.m. • 143 views

Smule: stored xss in https://www.smule.com

Hi team, I found a stored XSS in www.smule.com. Summary: add summary of the vulnerability. The most damaging type of XSS is Stored XSS (Persistent XSS). An attacker uses Stored XSS to inject malicious content, referred to as the payload, most often JavaScript code, into the target application. If the...

0.3 AI score
Exploits: 0
Veracode
• added 2019/01/15 8:52 a.m. • 28 views

Information Disclosure

libcurl is vulnerable to information disclosure. The tailMatch function in cookie.c does not properly match the domain when sending cookies, allowing remote attackers to steal cookies via a matching suffix in the domain of the URL...

5 CVSS • 5.6 AI score • 0.04986 EPSS
Exploits: 1 • References: 25 • Affected Software: 1
Mageia
• added 2015/05/15 6:23 p.m. • 53 views

Updated ruby-rest-client packages fix security vulnerabilities

Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...

9.8 CVSS • 9.3 AI score • 0.04345 EPSS
Exploits: 0 • References: 4
seebug.org
• added 2014/07/01 12:00 a.m. • 14 views

ULoki Community Forum 2.1 - (usercp.php) XSS Vulnerability

No description provided by source. Exploit Title: ULoki Community Forum v2.1 usercp.php Cross Site Scripting. Date: 10/02/2010. Author: Sioma Labs. Software Link: http://www.uloki.com/download/ulokiforum06may2009.zip. Version: v2.1. Tested on: Windows SP 2 / WAMP. CVE: . Code: ...

7.1 AI score
Exploits: 0