EUVD-2017-17390
Malware in sbrugna...
CVE-2021-23959
An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...
CVE-2025-46346 YesWiki Vulnerable to Stored XSS in Comments
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...
salemlutheran.com Cross Site Scripting vulnerability OBB-3817834
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handlin...
CVE-2022-1464 Stored XSS bug in gogs/gogs
Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when they open the attachment the XSS is executed. This bug allows executing any JavaScript code in the victim's account...
WooCommerce Pricing Plugin Allows Malicious Code-Injection
A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Discounts plugin from Envato could allow unauthenticated attackers to inject malicious code into websites running unpatched versions. This can result in a variety of attacks, including website redirections to phishing pages...
Cross-site Scripting (XSS) - Stored in polonel/trudesk
💥 BUG Stored XSS bug using file upload against admin. 💥 SUMMARY Here trudesk only allows uploading image files, but this can be bypassed and an attacker can upload an HTML file. As an HTML file can serve any JavaScript code, an attacker can execute any JavaScript code in the victim's trudesk account. 💥 IMPACT low...
CVE-2021-23959
CVE-2021-23959 is an XSS vulnerability in Firefox for Android, arising from improper validation on internal error pages that could enable spoofing attacks (e.g., other error pages and address bar). Affected: Firefox for Android; conditionally affects other OSes not noted in this entry. Impact per...
Mozilla Firefox < 85.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 85.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-03 advisory. - Mozilla developers Sebastian Hengst, Christian Holler, Tyson Smith reported memory safety bugs present in...
Security Vulnerabilities fixed in Firefox 85 — Mozilla
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a...
marylandidiomas.com.br Cross Site Scripting vulnerability OBB-1460657
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
tokubai.co.jp Cross Site Scripting vulnerability OBB-1382436
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
demo.eccosys.com.br Cross Site Scripting vulnerability OBB-1267179
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
auctions.lockdales.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1167820. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
attaboyassemblies.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1097745. Security researcher g0bl1nsec (helped patch 3741 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting attaboyassemblies.com...
ZEIT: Open redirection in https://zeit.co/login?next=
You have an open redirection bug in https://zeit.co/login?next=. Now I want to redirect the victim to https://www.google.com: https://zeit.co/login?next=\www.google.com. Done!! It will be redirected. F511594 Impact: redirect the victims to any page, and it can be an XSS bug...
finaint.com XSS vulnerability
Open Bug Bounty ID: OBB-697081

Description | Value
---|---
Affected Website: | finaint.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden unti...
Fedora 27 : php-pear-CAS (2018-95695b59c7)
Version 1.3.6 Security Fixes: - Fix XSS in proxy mode 271 Joachim Fritschi Bug Fixes: - Fix bad condition 252 Brice Vercoustre - Hash ticket strings to generate valid-length session-ids 224, 244, 248 Adam Franco - Fix 'phpCAS' class capitalization in code 273, 277 phy25 Improvement: - Remove...