OWASP Security Shepherd - Web And Mobile Application Security Training Platform
The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...
CodoForum Cross-Site Scripting Vulnerability
Codoforum is a free PHP and MySQL based forum software. Stored cross-site scripting vulnerabilities exist in Codoforum version 3.4 at topic comment replies, which stem from the program failing to adequately filter user-submitted input. An attacker can exploit these vulnerabilities to steal...
Automattic: [bbPress] Stored XSS in any forum post.
Intro: Encouraged by the success of cure53 and their reward, I started researching the plugins in your scope. Almost immediately I found a critical Stored XSS, which of course leads to privilege escalation or PHP code execution. This vulnerability doesn't require "special" privileges like...
marketsmith.com XSS vulnerability
Vulnerable URL: http://www.marketsmith.com/Support/Topic.aspx?referrer=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa... | |
CVE-2016-1596
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tfaClientFirstName, (3) tfaClientLastName, (4) taselectedTopicContent, (5) tforgUnitName, (6)...
lab.vodafone.it XSS vulnerability
Vulnerable URL: http://lab.vodafone.it/forum/viewtopic.php?f=18=8374=45&d6a;=...
hottopic.com XSS vulnerability
Vulnerable URL: http://www.hottopic.com/product/dc-comics-batman-robin-for-president-t-shirt/10534761.html

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at 28.12.2016 |
| Latest check for patch: | 28.12.2016 12:58 GMT |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | ... |
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery
Exploit for the PHP platform in the category web applications. Credits: hyp3rlinx. Vendor: www.anelectron.com/downloads/. Product: Advanced Electron Forum v1.0.9 (AEF). Exploit patched in current version. Vulnerability Type: ...
SimpleBB 4.2 Shell Upload
SimpleBB 4.2 + all versions upload vulnerability. Author: indoushka. Vendor: http://themeforest.net/item/simple-bulletin-board/58838?ref=themac. Dork: SBB V4.2. Steps: 1. register in the forum; 2. create a new topic; 3. attach a PHP file to downol...
XSRF check failure when trying to add a logo to a topic
Steps to reproduce: Create a topic in Confluence Questions. Select an image as a logo. Click Done. Expected results: The topic is created with the chosen logo. Actual results: The topic is created, but with the default tag logo. Notes: The same thing occurs when trying to add a logo t...
focused Web Crawler: ACHE
ACHE is a focused Web crawler that can be customized to search for pages that belong to a given topic or have a given property. To configure ACHE, you need to: define a topic of interest (e.g., Ebola, terrorism, cooking recipes); create a model to detect Web pages that belong to this topic; and...
Restricted Question topic can be seen by restricted users
Bug Description: As described in a new feature available for Confluence Questions: "Use your existing space permissions - only people who can view the space can search for and see questions that were asked there." This will cause misunderstanding, as users might think that Questions topics...
CVE-2015-2677
Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cmscalendar page to cms/index.php; unspecified fields in (3) the cmspolls page to cms/index.php or (4) a new topic...
Concrete CMS: Stored XSS in Title of the topic List
XSS payload saved permanently in the Title of the topic List. PoC: "...
CVE-2015-1058
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...
CVE-2014-9438
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify...
Esotalk CMS 1.0.0g4 - Cross-Site Scripting
Esotalk CMS 1.0.0g4 - Cross-Site Scripting. Exploit Title: esotalk cms topics xss vulnerability. Google Dork: powered by esotalk. Date: 2014-11-01. Vul Author: Evi1m0ff0000team. Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html. Vendor Homepage: http://esotalk.org/. Software Link: ...