XenForo 2.2.15 Cross Site Request Forgery Vulnerability

------------------------------------------------------------------------------- XenForo = 2.2.15 Widget::actionSave Cross-Site Request Forgery Vulnerability ------------------------------------------------------------------------------- - Software Link: https://xenforo.com - Affected Versions:...

Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary API Key Update to Stored XSS

The plugin does not have authorisation and CSRF check in place when saving the YouTube API Key, and does not sanitise as well as escape it. As a result, users with a role as low as subscriber could change it, including setting it with Stored Cross-Site Scripting payloads in it As any authenticate...

WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Title: WordPress 'Facebook, Twitter & Google+ Social Widgets' Plugin Version: 1.3.7 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/facebook-twitter-google-social-widgets/ -...

JIRA 4.4.3, GreenHopper < 5.9.8 Multiple Vulnerabilities

Exploit for jsp platform in category web applications CVE-2012-1500, Stored XSS in JIRA v4.4.3663-r165197, GreenHopper Resolved in Version 5.9.8, Proof of Concept External References: CVE-2112-1500 CVE-2112-1500 XSS.Cx Blog GHS-5642 Reported to Vendor on Mar 7, 2012, Resolved 8/22/2012 XSS.Cx...