119 matches found
YetiForceCrm 跨站脚本漏洞
YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from a link field that allows users to create RSS feeds without properly sanitizing the input data from an external...
Malicious code in syndication-templates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1bc55bcb56f68bef6949a6b60ac49ec1b4039e609d7489b9fdae072db22c3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6391 Malicious code in syndication-templates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1bc55bcb56f68bef6949a6b60ac49ec1b4039e609d7489b9fdae072db22c3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-29969
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true...
WordPress syndication-links plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. syndication-links is used in one of the page links to add plug-ins. WordPress syndication-links plugin version 1.0.3 before the...
CVE-2015-9495
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier...
Design/Logic Flaw
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier...
CVE-2015-9495
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier...
CVE-2015-9495
The CVE-2015-9495 vulnerability affects the WordPress plugin syndication-links up to version 1.0.2 (before 1.0.3). The root cause is an XSS flaw via the genericons/example.html anchor identifier, enabling injection of client-side script in the browser. Impact is described as partial integrity imp...
PT-2019-12278 · Microsoft · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.NET versions 3.3.7 and earlier Description: The issue allows for an out-of-band XML External Entity XXE attack via an apml file to the "syndication.axd" API endpoint. This can potentially lead to unauthorized access to sensitive...
MyBB 1.8.17 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS...
MyBB 1.8.17 Cross Site Scripting
Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS Syndication page you can generate a URL for...
MyBB 1.8.17 - Cross-Site Scripting
MyBB 1.8.17 - Cross-Site Scripting Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS...
MyBB 1.8.17 - Cross-Site Scripting
Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS Syndication page you can generate a URL for...
CVE-2018-15596
An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...
CVE-2018-15596
An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...
Cross site scripting
An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...
CVE-2018-15596
CVE-2018-15596 affects MyBB 1.8.17 via the RSS Syndication page where inc/class_feedgeneration.php generates XML with thread titles that are not sanitized, enabling Cross-Site Scripting (XSS). The vulnerability arises from unsanitized title elements in the Atom/RSS feed generated at /syndication....
CVE-2018-15596
An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...
Mozilla: Local path string can be leaked from RSS feed
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...