WBCE CMS 1.5.2 - Cross-Site Scripting
WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters. id: CVE-2022-30073 info: name: WBCE CMS 1.5.2 - Cross-Site Scripting author: arafatansari severity: medium description: | WBCE CMS 1.5.2 contains a stored cross-site scripting...
openSUSE Security Advisory (SUSE-SU-2024:4117-1)
The remote host is missing an update for the...
BIT-LIVEHELPERCHAT-2021-4050
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
10WebSocial < 1.2.9 - Reflected XSS
The plugin does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below The XSS will be triggered when pressing...
mraspinall.com Cross Site Scripting vulnerability OBB-3309965
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
freeprintableonline.com Cross Site Scripting vulnerability OBB-3161395
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-site Scripting (XSS) - Stored in helloxz/onenav
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
openSUSE Security Update : MozillaThunderbird (openSUSE-2021-644)
This update for MozillaThunderbird fixes the following issues : - Firefox was updated to 78.10.0 ESR bsc1184960 - CVE-2021-23994: Out of bound write due to lazy initialization - CVE-2021-23995: Use-after-free in Responsive Design Mode - CVE-2021-23998: Secure Lock icon could have been spoofed -...
Forcepoint WebSecurity 8.5 Cross Site Scripting
Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security Version: Forcepoint Web Security 8.5 Tested on: Windows 7,10...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security...
TP-Link TL-WR841N / TL-WR841ND Brute Force / CSRF
Hello list! There are Brute Force and Cross-Site Request Forgery vulnerabilities in TP-Link TL-WR841N and TL-WR841ND. ------------------------- Affected products: ------------------------- Vulnerable are the next models: TP-Link TL-WR841N and TL-WR841ND, Firmware Version 3.16.9 Build 151216. All...
D-Link DGS-3000-10TC Cross Site Request Forgery
Hello list! There are Cross-Site Request Forgery vulnerabilities in D-Link DGS-3000-10TC. In previous advisory I wrote about Cross-Site Scripting and Content Spoofing vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link...
D-Link DGS-3000-10TC Cross Site Scripting / Content Spoofing
Hello list! There are Cross-Site Scripting and Content Spoofing vulnerabilities in D-Link DGS-3000-10TC. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DGS-3000-10TC, Firmware Version 2.00.006. All other versions also must be vulnerable...
D-Link DIR-100 Brute Force / Cross Site Request Forgery
Hello list! There are Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-100. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DIR-100, Firmware v1.01. All other versions also must be vulnerable. ---------- Details:...
Real Estate Classifieds Script - SQL Injection
Exploit Title: Real Estate Classifieds Script - SQL Injection Dork: N/A Date: 12.06.2017 Vendor : http://www.easyrealestatescript.com/ Software: http://www.easyrealestatescript.com/demo.html Demo: http://www.easyrealestatescript.com/demo.html Version: N/A Author: EziBilisim Author Web:...
D-Link DIR-300NRUB5 Firmware 1.2.94 Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-300. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DIR-300NRUB5, Firmware 1.2.94. All previous versions also must be...
Office Document Reader 5.1.13 XSS / CSRF
Hello list! Happy New Year! There are multiple vulnerabilities in Office Document Reader for iOS. There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities. Earlier I've informed developer of Office Document Reader about this and other his software. -------------------------...
CSRF vulnerabilities in Callisto 821+R3 ADSL Router
Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...
Callisto 821+R3 Cross Site Request Forgery Vulnerability
Callisto 821+R3 suffers from multiple cross site request forgery vulnerabilities. After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters...
CSRF and XSS vulnerabilities in D-Link DCS-2103
Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. Version 1.20 and previous versions also...