Prima Access Control 2.3.35 Cross Site Scripting

Prima Access Control 2.3.35 Authenticated Stored XSS CVE: CVE-2019-7671 Advisory: https://applied-risk.com/resources/ar-2019-007 Discovered by Gjoko 'LiquidWorm' Krstic POST /bin/sysfcgi.fx HTTP/1.1 Host: 192.168.13.37 Connection: keep-alive Content-Length: 265 Origin: https://192.168.13.37...

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

CVE-2019-17221

CVE-2019-17221 affects PhantomJS up to version 2.1.1. The vulnerability is an arbitrary file read in the webpage module’s page.open() function, exploitable via an XMLHttpRequest to a file:// URI. An attacker can provide a crafted HTML file as input, causing PhantomJS to read arbitrary files on th...

CVE-2019-17221

Removed by vendor...

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS

A CSRF vulnerability in the Tidio Live Chat WordPress Plugin var xhr = new XMLHttpRequest; xhr.open"POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidiochatsavekeys", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

The vulnerability of the API XMLHttpRequest component in browsers such as Firefox, Firefox ESR, and the email client Thunderbird lies in its memory management after it is freed. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the API XMLHttpRequest component in browsers such as Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after it is released upon a XHR request. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise i...

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

Design/Logic Flaw

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

Sentrifugo 3.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in...

Sentrifugo 3.2 Cross Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

DEBIAN-CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

Design/Logic Flaw

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

CVE-2019-11691

CVE-2019-11691 is a use-after-free vulnerability in XMLHttpRequest (XHR) triggered by an event loop, causing the XHR main thread to be invoked after the object is freed. Affects Thunderbird versions &lt; 60.7 and Firefox/Firefox ESR versions

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...