8 matches found
Atlassian Confluence 5.9.1 < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.0 / 9.2.0 XSS (CONFSERVER-98301)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98301 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method...
Cross-site Scripting (XSS) - Generic in snipe/snipe-it
Description At File Uploads allows for arbitrary execution of JavaScript Steps to Reproduce XSS at filename Go to detail of one asset At tab File choose to upload file with filename contain payload: file'name XSS when upload file .svg In list file types are allowed don't have file .svg Go to detail ...
Cross-site Scripting (XSS) - Stored in yogeshojha/rengine
Description Hi, When creating a template for nuclei, it is possible to upload a malicious template with xss load, clicking to see this template will run xss. Proof of Concept 1- First, create the fake template: id: poc-xss alert1 info: name: xss-storage-rengine author: phor3nsic severity:...
Hotel And Lodge Management System 1.0 Cross Site Scripting
Exploit Title: Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS Exploit Author: Jitendra Kumar Tripathi Vendor Homepage: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html Software Link:...
U.S. Dept Of Defense: Reflected XSS on https://███/████ via hidden parameter "█████████"
Hi everyone: I found a Reflected XSS on https://█████/█████████ via hidden parameter "██████████". Steps To Reproduce: - Use your favorite web browser - Go to: https://█████/████████&██████=XXX%22%3E%3Cscript%3Ealert%27Reflected%20XSS%20here%27%3C/script%3E An XSS is triggered! The initial page...
Acronis: Subdomains takeover of register.acronis.com, promo.acronis.com, info.acronis.com and promosandbox.acronis.com
Summary: The Subdomains https://register.acronis.com, https://promo.acronis.com, https://info.acronis.com and https://promosandbox.acronis.com are vulnerable to takeover due to unclaimed Marketo CNAME records. Anyone is able to own these subdomains at the moment. This vulnerability is called...
Roblox: Reflected XSS through multiple inputs in the issue collector on Jira
Note I put this as Medium because that's what the CVE is. This vulnerability is known and it's classified under CVE-2018-5230. Here's a link to the thread on it by Atlassian: https://jira.atlassian.com/browse/JRASERVER-67289 Description --------------------- I noticed when testing that your Jira...
Optus/Huawei E960 HSDPA Router Cross Site Scripting
XSS Attack using SMS to Optus/Huawei E960 HSDPA Router Synopsis -------- Huawei E960 HSDPA Router firmware version 246.11.04.11.110sp04 is vulnerable to XSS attack using SMS. One of the features of this router is the ability to send and receive SMS through its web interface. The SMS text is...