6 matches found
Cross-site Scripting (XSS)
jquery.terminal is vulnerable to cross-site scripting. The use of execHash option code from URL allows an attacker to execute malicious code via URL. Note: Javascript attribute used is added to span tag , therefore allowing no automatic execution like with onerror...
CVE-2018-5705
Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine the t parameter to the /search URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admins. By sending users an infected URL, code will ...
CVE-2017-15714
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "format=%27;alert%27xss%27" to the URL an alert window would execute...
Facebook Status Update With XFBML Injection
Facebook Status Update With XFBML Injection i Last week Acizninja DeadcOde share Tweaking Facebook Status with HTML button. Well today he is going to share another kind of cool tricks to tweak Facebook Status Update using XFBML Injection. With this tweak, we will do an injection on Facebook URL a...
Tweaking Facebook Status with HTML button
Tweaking Facebook Status with HTML button Have you thought that Facebook status updates that can be modified ? Yes we have a tweak for you : One is a Button Tag. One of our Hacker Friend "Acizninja DeadcOde " , admin of https://blog.cyber4rt.com sharing such cool tweaks with The Hacker News reade...
phpBB Random User Registration Number 1.0 Mod Inclusion Vulnerability
phpBB RANDOm USER REGISTRATION NUMBER 1.0 File Include Vulnerability - bd0rk || SOH-Crew - URL: http://www.nivisec.com/downloads/phpbb/randomimageregisterv100.zip - Code: include$phpbbrootpath . 'language/lang' . $boardconfig'defaultlang' . '/langrandomnumreg.' . $phpEx; + Exploit:...