Apache Struts Remote Code Execution Vulnerability
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and, at the same time, its upper package configuration has no or...
GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a Remote Code Execution vulnerability when using results with no namespace and its upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and its upper actions have no or wildcard namespace...
Remote Code Execution (RCE)
struts2-core is vulnerable to remote code execution (RCE) attacks. These attacks are possible when using a namespace or url tag which doesn't have a value and action set and where its upper action configuration is using a wildcard namespace or has no namespace...
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true, either set by the user or by a plugin like the Convention Plugin, and then: results are used with no namespace and, at the same time, its upper package has no or wildcard namespace...
CVE-2017-11651
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag...
Koobi 5.0 BBCode URL Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16078/info Koobi is prone to a script injection vulnerability. An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be abl...
[KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag
ORIGINAL ADVISORY: http://kapda.ir/page-advisory.html http://myimei.com/security/2006-06-22/mybb-114-functionpostphpxss-attack-in-url-tag.html Summary: Software: MyBB; Software's Web Site: http://www.mybboard.com; Versions: 1.1.3; Class: Remote; Status: Patched; Exploit: Available; Discover...
Cross site scripting
Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the showpost function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag...
CVE-2006-0661
The CVE-2006-0661 entry concerns a Cross-Site Scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host, exploitable via the BBcode [url] tag to inject arbitrary script/HTML. Affected components: Scriptme SmE GB Host 1.21 and SmE Blog Host. Root cause and impact: XSS allowing r...
Cross site scripting
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary JavaScript via a javascript URI in the BBcode url tag...