Lucene search

17 matches found

OSV
added 2023/12/15 11:15 a.m. | 1 view

CVE-2023-48565

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4 CVSS | 5.7 AI score | 0.0057 EPSS
Exploits: 0 | References: 1
Huntr
added 2022/09/19 2:51 p.m. | 19 views

The settings of repositories is vulnerable to CSRF

Description The malicious user can change the settings of repository by sending the URL to the victim. Proof of Concept 1.Login into the application https://rdiffweb-demo.ikus-soft.com/settings/admin/test-encoding . 2.Go to test-encoding. 3.Check that the value of remove older is forever. 4.Open...

4.3 CVSS | 0.2 AI score | 0.00169 EPSS
Exploits: 1
NVD
added 2022/08/10 8:16 p.m. | 8 views

CVE-2022-36270

Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php...

9.8 CVSS | 0.00955 EPSS
Exploits: 1 | References: 1
wpexploit
added 2022/08/09 12:0 a.m. | 149 views

Photo Gallery < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

Exploits: 0
wpexploit
added 2022/05/24 12:0 a.m. | 475 views

Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting

The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/?step=demo&page=owpsetup&a"alert/XSS/...

6.1 CVSS | 0.9 AI score | 0.03381 EPSS
Exploits: 2
NVD
added 2021/12/27 9:15 p.m. | 9 views

CVE-2020-20943

A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

4.3 CVSS | 0.00117 EPSS
Exploits: 1 | References: 1
NVD
added 2021/09/01 3:15 p.m. | 17 views

CVE-2021-36062

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious...

6.1 CVSS | 0.00688 EPSS
Exploits: 0 | References: 1
0day.today
added 2021/02/19 12:0 a.m. | 66 views

OpenText Content Server 20.3 - multiple Stored Cross-Site Scripting Vulnerabilities

Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management Version: 20.3...

7.1 AI score
Exploits: 0
Prion
added 2021/01/17 8:15 p.m. | 8 views

Design/Logic Flaw

An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page...

4.3 CVSS | 5.8 AI score | 0.00359 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2019/07/02 5:7 a.m. | 7 views

Open Redirection

apostrophe is vulnerable to open redirection. A lack of validation in the URL allows a remote attacker to redirect requests to a malicious site using trailing / appended at the end of the URL...

6.6 AI score
Exploits: 0
Veracode
added 2018/06/08 3:50 a.m. | 11 views

Directory Traversal

fbr-client is vulnerable to directory traversal attacks. The attacks are possible by requesting a URL such as /..%2f..%2fetc/passwd to get sensitive information...

7.5 CVSS | 7.3 AI score | 0.00533 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Openbugbounty
added 2016/03/14 4:53 p.m. | 13 views

de.kompass.com XSS vulnerability

Vulnerable URL: http://de.kompass.com/searchCompanies?searchType=SUPPLIER='"--alert/XSSPOSED/...

6.9 AI score
Exploits: 0
Openbugbounty
added 2015/10/21 6:39 p.m. | 11 views

bahlsen.de XSS vulnerability

Vulnerable URL: http://www.bahlsen.de/de/suche?q=%22%3E%3Csvg%20onload%3Dalert%28%22XSSPOSED%22%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 487242 Google Pagerank| 4 VIP...

6.3 AI score
Exploits: 0
NVD
added 2014/12/02 4:59 p.m. | 8 views

CVE-2014-9180

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERYSTRING...

5 CVSS | 6.6 AI score | 0.0844 EPSS
Exploits: 1 | References: 1
Exploit DB
added 2014/03/09 12:0 a.m. | 33 views

ET - Chat Password Reset Security Bypass

source: https://www.securityfocus.com/bid/66149/info ET - Chat is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. ET - Chat 3.0.7 is vulnerable; other...

7.4 AI score
Exploits: 0
NVD
added 2010/03/26 8:30 p.m. | 6 views

CVE-2009-4752

PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter...

7.5 CVSS | 7.5 AI score | 0.02101 EPSS
Exploits: 1 | References: 4
NVD
added 2005/12/21 1:3 a.m. | 16 views

CVE-2005-4439

Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter...

7.8 CVSS | 7.8 AI score | 0.08141 EPSS
Exploits: 1 | References: 10