Lucene search
+L

32 matches found

Packet Storm
Packet Storm
added 2020/01/08 12:0 a.m.81 views

Codoforum 4.8.3 Cross Site Scripting

Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on: Linux CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/08 12:0 a.m.116 views

Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting

Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on: Linux CVE : N/A...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/01 1:3 p.m.7 views

php: Heap buffer over-read in exif_process_user_comment()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

7.1CVSS7.3AI score0.0442EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/02/01 12:0 a.m.61 views

FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)

Gitlab reports : Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persiste...

9.8CVSS6.5AI score0.05471EPSS
Exploits17References26
Hacker One
Hacker One
added 2018/03/04 5:31 a.m.25 views

Vanilla: A user can comment in private discussions without having permission to access the discussion

Hello team, I have found a vulnerability which allows a user who does not have access to a discussion to comment on it and thus avoid the control applied. http://littleguy.vanillastaging.com/ Proof Of Concept ============= For this proof of concept I have used 3 users. User A creates a PRIVATE...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Pixelpost 1.4.3 User Comment HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16362/info Pixelpost is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2007/01/03 2:0 a.m.25 views

CVE-2006-6844

Cross-site scripting XSS vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form...

5.7AI score0.01299EPSS
Exploits1References5
NVD
NVD
added 2006/12/31 5:0 a.m.19 views

CVE-2006-6844

Cross-site scripting XSS vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form...

6.8CVSS5.7AI score0.01299EPSS
Exploits1References5
securityvulns
securityvulns
added 2006/12/26 12:0 a.m.52 views

XSS - CMS Made Simple v1.0.2

Product: CMS Made Simple v1.0.2 Class: XSS Website: http://www.cmsmadesimple.org Found by: L0j1k of D.I.E. Inc. Googledork: "powered by cms made simple" -=-=-=-=- - Summary: Optional user comment module not properly sanitized for script tags. -=-=-=-=- - PoC: Input the following into user comment...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2006/02/20 12:0 a.m.27 views

siteframe_5.0.2_xss.txt

Siteframe Beaumont 5.0.2 == User Comment Cross-Site Scripting Vulnerability Information of Software: Software: Siteframe Beaumont 5.0.1a Site: http://www.siteframe.org/ Description of software: Siteframe is a lightweight content-management system designed for the rapid deployment of community-bas...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2002/01/10 5:0 a.m.21 views

CVE-2002-0008

Bugzilla before 2.14.1 allows remote attackers to 1 spoof a user comment via an HTTP request to processbug.cgi using the "who" parameter, instead of the Bugzillalogin cookie, or 2 post a bug as another user by modifying the reporter parameter to enterbug.cgi, which is passed to postbug.cgi...

6.7AI score0.01855EPSS
Exploits0References9
CVE
CVE
added 2002/01/10 5:0 a.m.48 views

CVE-2002-0008

CVE-2002-0008 affects Bugzilla prior to 2.14.1. The vulnerability allows remote attackers to impersonate users: (1) spoof a user comment by sending a request to process_bug.cgi using the who parameter instead of the Bugzilla_login cookie, and (2) post a bug as another user by altering the reporte...

7.5CVSS7.1AI score0.01855EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder