9 matches found
CVE-2023-40311 Stored XSS in multiple JSP files in opennms/opennms
Multiple stored XSS vulnerabilities were found in different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store content in the database and then load it in JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....
Buys and refunds can get stuck forever if the parameters are not set sensibly in the LPDA
Lines of code Vulnerability details Impact In the LPDA contract, there is a function called getPrice, which returns the price of one token by taking into account the drop in price per second of the Dutch auction. It basically calculates how much time has elapsed since the start of the sale, to...
Montala Limited ResourceSpace Arbitrary File Deletion (CVE-2021-41950)
An arbitrary file deletion vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to unsanitized parameters used in the titles.php page...
CVE-2021-29393
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters...
CVE-2021-25959
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files on any user of the openCRX instance...
CVE-2021-25959 OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS) due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files on any user of the openCRX instance...
Cross-site Scripting (XSS)
ovirt-engine is vulnerable to cross-site scripting (XSS). The vulnerability exists because it displays and executes unsanitized user-controlled parameters...
WordPress Easy Social Share Buttons 3.2.5 XSS
FULL DISCLOSURE Product: Easy Social Share Buttons for WordPress Exploit Author: Rahul Pratap Singh Version: 3.2.5 Home page Link: http://codecanyon.net/item/easy-social-share-buttons-for-wordpress/6394476 Website: 0x62626262.wordpress.com Linkedin: https://in.linkedin.com/in/rahulpratapsingh...
WeBid 1.0.6 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: Powered by WeBid Date: 1/9/13 Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other versions Tested On: Linux, Windows...