11 matches found
Wing FTP 6.4.4 - Cross-Site Scripting
Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser. id: CVE-2020-27735 info: name: Wing FTP...
WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting
WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...
CVE-2020-5270
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cau...
Yelp: CORS Misconfiguration on Yelp
Entry An cross-origin resource sharing CORS policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the...
U.S. Dept Of Defense: Reflected XSS on https://█████
Summary: Reflected xss can use to steal user information because it is coming from trusted website. an user can easily trust it and attacker can easily steal user information Steps To Reproduce: 1. go to https://████?profileid=%22%3E%3C/script%3E%3Cscript%3Ealert%27xss%27%3C/script%3E 2. you will...
CVE-2020-26219
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection...
Open redirect
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection...
Open redirect
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cau...
Flexense Disksavvy 10.7 Cross Site Scripting
Description: URL: localhost/ Affected Component: /?n0ipr0csalert'XSS'n0ipr0cs=1 Vulnerability Type: Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html Vendor of Product: Flexense Disksavvy Version: from v10.4 to v10.7. Attack Type: Remote Impact: This attack allows an attacker co...
PostNuke Phoenix 0.760 RC3 - 'SID' SQL Injection
source: https://www.securityfocus.com/bid/13077/info A remote SQL Injection vulnerability affects PostNuke Phoenix. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL...