13 matches found
XSS vulnerability in In-Portal CMS
Hello 3APA3A! After I informed developers in August about multiple vulnerabilities in In-Portal CMS and they answered they would fix them soon so wait for disclosure of the first vulnerabilities, I found a new hole in this CMS at their official site. This is a Cross-Site Scripting vulnerability in...
In-Portal CMS Cross Site Scripting
Hello list! After I informed developers in August about multiple vulnerabilities in In-Portal CMS and they answered they would fix them soon so wait for disclosure of the first vulnerabilities, I found a new hole in this CMS at their official site. This is a Cross-Site Scripting vulnerability in...
WordPress WP-Cumulus Plugin 1.x 'tagcloud.swf' Cross-Site Scripting Vulnerability
No description provided by source. #!/usr/bin/env python # coding=utf-8 import md5 import urllib2 from pocsuite.api.request import req from pocsuite.api.poc import register from pocsuite.api.poc import Output, POCBase ''' Location:...
New XSS vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites
Hello 3APA3A! I want to warn you about a new Cross-Site Scripting vulnerability in WP-Cumulus for WordPress and multiple web applications and millions of web sites. Earlier I wrote about an XSS vulnerability in WP-Cumulus, which I disclosed in 2009 http://securityvulns.com/Wdocument842.html, and many...
Tumulus For Typepad Cross Site Scripting
------------------------- Affected products: ------------------------- Vulnerable are all versions of widget Tumulus for Typepad. ---------- Details: ---------- This XSS is similar to XSS vulnerability in WP-Cumulus, because it's using tagcloud.swf made by author of WP-Cumulus. About such...
Vulnerability in MT-Cumulus for Movable Type
Hello 3APA3A! I am informing you about a Cross-Site Scripting vulnerability in the MT-Cumulus plugin for Movable Type. This XSS vulnerability is identical to the XSS vulnerability in WP-Cumulus, because the application uses tagcloud.swf developed by the author of WP-Cumulus. About the millions of tagcloud.swf flash files vulnerable to XSS attacks I...
sfWpCumulusPlugin For Symphony Cross Site Scripting
Hello list! I want to warn you about a Cross-Site Scripting vulnerability in plugin sfWpCumulusPlugin for symfony. ------------------------- Affected products: ------------------------- Vulnerable are all versions of sfWpCumulusPlugin. ---------- Details: ---------- This XSS is similar to XSS...
Vulnerability in Cumulus for Drupal
Hello 3APA3A! I am informing you about a Cross-Site Scripting vulnerability in Cumulus for Drupal. This XSS vulnerability is identical to the XSS vulnerability in WP-Cumulus, because the application uses tagcloud.swf developed by the author of WP-Cumulus. The millions of tagcloud.swf flash files vulnerable to XSS attacks I mentioned in my...
B-Cumulus Cross Site Scripting
Hello list! I want to warn you about a Cross-Site Scripting vulnerability in b-cumulus. It's a widget for Blogger, which is also used at separate sites. SecurityVulns ID: 11353. ------------------------- Affected products: ------------------------- Vulnerable are all versions of b-cumulus. ---------...
Vulnerability in 3D user cloud for Joomla
Hello 3APA3A! I am informing you about a Cross-Site Scripting vulnerability in the module 3D user cloud moddemocbusr3dcloud, modcbusr3dcloud and modusr3dcloud for Joomla. This XSS vulnerability is identical to the XSS vulnerability in WP-Cumulus and other web applications that I have already reported, because the application uses...
Cumulus Widget For BlogEngine.NET Cross Site Scripting
Hello Full-Disclosure! I want to warn you about a security vulnerability in widget Cumulus for BlogEngine.NET. ----------------------------- Advisory: Vulnerability in widget Cumulus for BlogEngine.NET ----------------------------- URL: http://websecurity.com.ua/4184/ -----------------------------...
CVE-2009-4168
CVE-2009-4168 is an XSS in Roy Tanck tagcloud.swf used by the WP-Cumulus plugin (WordPress) and the Joomulus module; the tagcloud parameter in a tags action enables remote script/HTML injection. Affected: WP-Cumulus before 1.23 and Joomulus 2.0 and earlier. Root cause: tagcloud.swf parameter handling allows ...
CVE-2009-4168
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site...