531 matches found

Atlassian
added 2013/12/09 4:14 a.m. · 19 views

DOM XSS in dhtmlHistory.js when using IE

In the createIE function inside dhtmlHistory.js (https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333), the value of the fragment identifier is concatenated to create the HTML of an iframe without first...

0.2 AI score
Exploits: 0

OSV
added 2013/03/19 10:55 p.m. · 8 views

CVE-2013-1857

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote...

5.4 AI score
Exploits: 0 · References: 10

CVE
added 2012/12/27 11:0 a.m. · 57 views

CVE-2012-6431

CVE-2012-6431 affects Symfony 2.0.x (from 2.0.0 through 2.0.19), where the Routing and Security components mishandle URL-encoded data, allowing a doubly encoded string to bypass URI restrictions. The root cause is a double-decoding flow: UrlMatcher decodes the path again while RequestMatcher does...

6.4 CVSS · 6.6 AI score · 0.01876 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

exploitpack
added 2012/07/21 12:0 a.m. · 11 views

X-Cart Gold 4.5 - products_map.php?symb Cross-Site Scripting

X-Cart Gold 4.5 - products_map.php?symb Cross-Site Scripting Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is...

6.8 AI score
Exploits: 0

Exploit DB
added 2012/07/21 12:0 a.m. · 30 views

X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting

Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "products_map.php" is vulnerable...

7.4 AI score
Exploits: 0

0day.today
added 2012/07/20 12:0 a.m. · 22 views

X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. T...

7.1 AI score
Exploits: 0

NVD
added 2012/07/16 10:28 a.m. · 27 views

CVE-2011-4290

Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...

4.3 CVSS · 5.6 AI score · 0.01197 EPSS
Exploits: 0 · References: 3

UbuntuCve
added 2012/07/16 10:28 a.m. · 14 views

CVE-2011-4290

Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...

4.3 CVSS · 5.9 AI score · 0.01197 EPSS
Exploits: 0 · References: 1

Prion
added 2012/07/16 10:28 a.m. · 25 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...

4.3 CVSS · 6 AI score · 0.01197 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2012/07/16 10:0 a.m. · 26 views

CVE-2011-4290

Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...

5.6 AI score · 0.01197 EPSS
Exploits: 0 · References: 3

CVE
added 2012/07/16 10:0 a.m. · 64 views

CVE-2011-4290

CVE-2011-4290 involves Moodle 1.9.x before 1.9.12. The vulnerability is in the file lib/weblib.php (Moodle’s web library) and results from issues with URL encoding that enable multiple cross-site scripting (XSS) flaws. Exploitation allows remote attackers to inject arbitrary script/HTML. The docu...

4.3 CVSS · 5.7 AI score · 0.01197 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2012/07/16 12:0 a.m. · 5 views

PT-2012-1838 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.11 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to UR...

4.3 CVSS · 5.8 AI score · 0.01197 EPSS
Exploits: 0 · References: 5

OpenVAS
added 2011/08/03 12:0 a.m. · 35 views

Debian: Security Advisory (DSA-2262-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.8 CVSS · 9.7 AI score · 0.02118 EPSS
Exploits: 0 · References: 3

securityvulns
added 2011/06/19 12:0 a.m. · 48 views

[SECURITY] [DSA 2262-1] moodle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...

1.7 AI score
Exploits: 0

OSV
added 2011/06/16 12:0 a.m. · 37 views

DSA-2262-1 moodle - several

Bulletin has no description...

6.8 CVSS · 6.2 AI score · 0.02118 EPSS
Exploits: 0

Tenable Nessus
added 2011/06/16 12:0 a.m. · 17 views

Debian DSA-2262-1 : moodle - several vulnerabilities

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:
- MSA-11-0002 Cross-site request forgery vulnerability in RSS block
- MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete
- MSA-11-0008 IMS...

4.9 AI score
Exploits: 0 · References: 8

Debian
added 2011/06/15 8:45 p.m. · 20 views

[SECURITY] [DSA 2262-1] moodle security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...

6.2 AI score
Exploits: 0

myhack58
added 2010/10/04 12:0 a.m. · 18 views

ecshop modify any user password vulnerability XSS exploit-vulnerability warning-the black bar safety net

Currently ecshop presence of the reflection type XSS, you can use, if the secondary development exist XSS or other CSRF problem, then use more. Once encountered this problem, slightly affected by its damage) By XSS structure post submission of personal information is modified, the modification is...

0.1 AI score
Exploits: 0

Packet Storm
added 2010/09/16 12:0 a.m. · 26 views

Axigen Webmail 7.4.1 Directory Traversal

We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7. In this blog post, we will look into the details of a very serious web vulnerability discovered by Acunetix WVS in Axigen. "Axigen is an integrat...

Exploits: 0

OpenVAS
added 2009/06/23 12:0 a.m. · 24 views

Ubuntu: Security Advisory (USN-788-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5 CVSS · 5 AI score · 0.9444 EPSS
Exploits: 8 · References: 2