72 matches found
CVE-2021-36062
Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious...
OpenText Content Server 20.3 - multiple Stored Cross-Site Scripting Vulnerabilities
Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management Version: 20.3...
Design/Logic Flaw
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page...
guamegi.or.kr Cross Site Scripting vulnerability OBB-1345096
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
Improper access control
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
CVE-2020-24660
CVE-2020-24660 affects LemonLDAP::NG (up to 2.0.8) when used with NGINX, and the Lemonldap::NG handler for Node.js (before 0.5.2). The issue allows an attacker to bypass URL-based access control on protected Virtual Hosts by submitting a non-normalized URI. The vulnerability can impact systems th...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
caaffordablehealthins.com Cross Site Scripting vulnerability OBB-1222141
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
migu-music.com Cross Site Scripting vulnerability OBB-1192803
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
temanteman.org Cross Site Request Forgery vulnerability
Open Bug Bounty ID: OBB-1156805 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
bdsav.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1117242 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Pricing Table by Supsystic < 1.8.2 - Insecure Permissions on AJAX Actions
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or...
Cybercriminals Adding Sophistication to BEC Threats
Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise BEC threats that pose a greater threat to organizations, according to a new report. Advanced BEC attacks–including impersonation attacks and CEO...
Open Redirection
apostrophe is vulnerable to open redirection. A lack of validation in the URL allows a remote attacker to redirect requests to a malicious site using trailing / appended at the end of the URL...
Emotet re-emerges after the holidays
While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn't mean attackers don't try to freshen it up. Cisco Talos recently discovered several new campaigns distributing the infamous banking trojan via email. These new campaigns have...
kuribayashi-dc.com XSS vulnerability
Open Bug Bounty ID: OBB-679560 Description| Value ---|--- Affected Website:| kuribayashi-dc.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
FortiWeb Recursive URL Decoding is not enabled by default
FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks among which XSS and SQL injection attempts even when the malicious URL is recursively encoded. However, this feature is not enabled by default in FortiWeb's system settings for FortiWeb version 6.0.0 and below...