9 matches found
EUVD-2021-20523
Malware in sbrugna...
X2Engine X2CRM Cross-Site Scripting Vulnerability
X2Engine X2CRM is a next-generation social selling application for small and medium-sized businesses from X2Engine USA, Inc. X2Engine X2CRM version 8.0 contains a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied da...
CVE-2021-33853
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...
Cross site scripting
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...
Cross-site Scripting (XSS) - Stored in tsolucio/corebos
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept: Steps to Reproduce: 1. Go to http://demo.corebos.com/index.php?module=Users&action=DetailView&record=1&modechk=prefview 2. add the...
U.S. Dept Of Defense: Reflected XSS on https://█████
Summary: Reflected XSS can be used to steal user information because it is coming from a trusted website. A user can easily trust it and an attacker can easily steal user information. Steps To Reproduce: 1. Go to https://████?profileid=%22%3E%3C/script%3E%3Cscript%3Ealert%27xss%27%3C/script%3E 2. you will...
GHSA-2R3V-Q9X3-7G46 Link injection in SimpleSAMLphp
Background: Several scripts that are part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description: The following scripts we...
Open redirect
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to...
Opera Web Browser for Android Address Bar Message Forgery Vulnerability
Opera Web Browser for Android is an Android-based web browser developed by the Norwegian company Opera Software, which supports multi-window browsing, customizable user interface, and more. An address bar message forgery vulnerability exists in Opera Web Browser for Android version...