5 matches found
AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Summary: The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...
EUVD-2025-202429
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...
web.newmarketchamber.ca Open Redirect vulnerability
Vulnerable URL: http://web.newmarketchamber.ca/external/wcpages/wcdirectory/directory.aspx?listingid=1873=991Y4M8O=uweb=http://xssposed.org
Details:
Description| Value
---|---
Patched:| Yes, at 25.07.2017
Latest check for patch:| 25.07.2017 12:46 GMT
Vulnerability type:| Open Redirect Vulnerabili...
CVE-2009-0248
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter...
Unfixed XSS vulnerability at www.defenseindustrydaily.com
Security researcher Skunkfoot submitted on 25/10/2007 a cross-site scripting (XSS) vulnerability affecting www.defenseindustrydaily.com, which at the time of submission ranked 55031 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/10/2007...