Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2022/01/14 5:59 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description A CSRF issue is found in the SettingsLive help configurationFile Configuration. It was found that no CSRF token validation is getting done as no CSRF token is getting passed with the request. Proof of Concept Actual Request POST /siteadmin/file/configuration HTTP/1.1 Host:...

4.3CVSS5.8AI score0.00512EPSS
Exploits1
Huntr
Huntr
β€’added 2022/01/12 6:58 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore

Description The Stored XSS vulnerability occurs because the menu editing function can insert a JavaScript Scheme as the value of the menu's HREF. Proof of Concept txt 1. Go to Content - Menu - Edit 2. Enter javascript:alertdocument.domain as the URL value using the Add or Edit menu function. 3...

3.5CVSS0.3AI score0.00573EPSS
Exploits1
Huntr
Huntr
β€’added 2022/01/12 6:30 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

Description Hi there, I would like to report another CSRF in phoronix Proof of Concept 1. Install a local instance of phoronix 2. Create a benchmark and note down benchmark id 3. Access the link /?benchmark//&repeat, /?benchmark//&disable and /?benchmark//&remove and see that the benchmark is...

4.3CVSS1.1AI score0.00783EPSS
Exploits1
Huntr
Huntr
β€’added 2022/01/11 5:14 a.m.β€’19 views

in stanfordnlp/corenlp

Description The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

5.8CVSS1AI score0.00739EPSS
Exploits1
Huntr
Huntr
β€’added 2022/01/04 1:0 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in phoronix-test-suite/phoronix-test-suite

Description Hi there phoronix test suite maintainer team. There is a stored XSS in phoronix-test-suite source code. This is in group name. Proof of Concept 1. Install a local instance of phoronix test suite 2. Create an account and log in, then create a group with name . Note that you cannot crea...

3.5CVSS6.5AI score0.01081EPSS
Exploits1
Huntr
Huntr
β€’added 2022/01/02 8:29 p.m.β€’19 views

Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber

Description Any unauthorized/unauthenticated actor can find the PII data of all the users registered in the application. PII - Personally Identifiable Information leaked by this application is first name, last name, email id, picture, username, isadmin status Proof of Concept 1 Visit...

5CVSS1.3AI score0.1201EPSS
Exploits1
Huntr
Huntr
β€’added 2021/12/31 5:9 a.m.β€’19 views

Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk

Description When you delete a conversation, the server responds with sensitive data including user IDs and emails among other data. The endpoint that's contacted in order to delete a conversation is /api/v1/messages/conversation/. A user with low level privileges such as a customer account could...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/27 4:50 a.m.β€’19 views

Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat

Description The application does not escape special characters, and the $msgPArent or $Result'additionalpostmessage' variables can lead to reflected XSS Proof of Concept https://demo.livehelperchat.com/chat/chatwidgetchat/444/123/theme/1/cstarted/123";;alert'xss';" Impact XSS can have huge...

4.3CVSS1.3AI score0.00785EPSS
Exploits1
Huntr
Huntr
β€’added 2021/12/24 11:16 a.m.β€’19 views

in polonel/trudesk

Description When logging in, the login page will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack of rate limitation when logging in in order to help an attacker find out which accounts exist & then brute force those accounts' login...

6.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/18 8:16 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description XSS in Classification Store included panels like Collections, Groups, Key,... in the store Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web...

6CVSS0.1AI score0.00877EPSS
Exploits1
Huntr
Huntr
β€’added 2021/12/14 9:47 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description Although security token is present in the delete draft POST request. It is not being checked in the backend by checkSecurityToken CSRF checks. Proof of Concept 1: As a logged-in user create a draft page, on the data/cache directory of the server run the command to confirm a draft has...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/10 7:1 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description the editor has XSS vulnerability Proof of Concept payload: Open the editorhttps://ld246.com/guide/markdown, enter the payload, and trigger the XSS vulnerability demo pic : https://drive.google.com/file/d/1fl07CUXSS0DyvjtuftslMnyr2uGZ8F7/view?usp=sharing Impact This vulnerability has t...

3.5CVSS0.8AI score0.00664EPSS
Exploits1
Huntr
Huntr
β€’added 2021/12/09 2:53 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS0.7AI score0.00382EPSS
Exploits1
Huntr
Huntr
β€’added 2021/12/07 4:26 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in pimcore/pimcore

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS0.7AI score0.00429EPSS
Exploits1
Huntr
Huntr
β€’added 2021/12/06 1:30 p.m.β€’19 views

Improper Privilege Management in dotcms/core

Description Hello team, I found a SSTI that allow me to get Full Privilege Escalation system user 1. While editing a template we have total access to the User and UserModel classes via $user 2. One of the UserModel methods is called setUserId 3. If we call setUserId and pass "system" as parameter...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/11/29 9:49 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description Very low severity CSRF in /comments/thanks/id Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to send quick thanks. Can potentially trick users to infringe rate limits and get themselves banned via a repeated CSRF attack if admins choose to set...

1.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/11/27 6:36 p.m.β€’19 views

Improper Access Control in bookstackapp/bookstack

Description A user with API access can view any attachment which they do not have read access to because read permissions are not being checked at the API attachments read controller. Proof of Concept 1: From default installation give the "Public" role access to system API 2: Upload attachment...

4CVSS0.8AI score0.00922EPSS
Exploits1
Huntr
Huntr
β€’added 2021/11/21 6:42 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Cross site scripting vulnerability in checkout page in notes field Proof of Concept 1.Login to the demo page. 2. Go to accessories , select any product and add payload in the checkout notes 3. click save and open the product xss will trigger payload = " Impact This vulnerability is...

3.5CVSS1AI score0.00635EPSS
Exploits1References1
Huntr
Huntr
β€’added 2021/11/21 3:44 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description An attacker is able to create a new group for any item if users visit the attacker's website. Furthermore, the user-id "uid" is also exposed via the JSON response. We can bypass the CSRF Protection if we put our payload on an iframe or an HTML file and then send them to the victim...

6.8CVSS0.6AI score0.00596EPSS
Exploits1References1
Huntr
Huntr
β€’added 2021/11/19 3:45 a.m.β€’19 views

CRLF Injection in phpservermon/phpservermon

Description misconfig of nginx lead to crlf injection In nginx, $uri is url decoded, which will decode %0d%0a to CRLF. code: return 301 http://$uri; Proof of Concept A request to: http://www.test.com/%0d%0afakeheader:123%0d%0a%0d%0afakecontent Impact CRLF Injection allows an attacker to inject...

5.8CVSS0.8AI score0.00843EPSS
Exploits1
Huntr
Huntr
β€’added 2021/11/16 10:26 a.m.β€’19 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description CSRF related to duplicate action. the duplication occurs first before redirecting to edit form Proof of Concept GET /en/admin/teams/id/duplicate GET /en/admin/project/id/duplicate Impact This vulnerability is capable of tricking admin users to duplicate teams Note This is probably all...

4.3CVSS2.3AI score0.00386EPSS
Exploits1
Huntr
Huntr
β€’added 2021/11/15 1:32 p.m.β€’19 views

Open Redirect in star7th/showdoc

Description Open Redirect at login page due to unchecked "redirect" parameter. Vulnerable parameter redirect Payload /%09/google.com Proof of Concept Send users the following login link https://www.showdoc.com.cn/user/login?redirect=/%09/google.com After users use their registered account to logi...

5.8CVSS0.5AI score0.00761EPSS
Exploits1References1
Huntr
Huntr
β€’added 2021/11/11 8:8 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Multiple Stored XSS at 'snipeitram3' and 'snipeitcpu4' in the multipart message of POST request when creating a new Asset or editing an existed Asset. Proof of Concept POST /hardware HTTP/1.1 Host: develop.snipeitapp.com Connection: close Content-Length: 2560 Cache-Control: max-age=0...

3.5CVSS5.6AI score0.00731EPSS
Exploits1References1
Huntr
Huntr
β€’added 2021/10/29 11:23 a.m.β€’19 views

in misp/misp-maltego

Description misconfigurations of nginx lead to a path traversal vulnerability. Proof of Concept Do a request to /munin../ can get any file under /var/cache/munin/ Impact An attacker can access files on the web server to which they should not have access...

3.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/07 5:57 p.m.β€’19 views

in snipe/snipe-it

Description There is no rate limit sent unlimited email victim or any email address Proof of Concept There is no rate limit return-password , attacker to send unlimited email to victim or any email address. POST /password/email HTTP/1.1 Host: demo.snipeitapp.com Connection: close Content-Length: ...

0.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/02 11:40 a.m.β€’19 views

in cortezaproject/corteza-server

Setup the application on your local system. Steps: -------- 1. Login in application and navigate to the settings, where change the user password and capture the request in burp suit. 2. Now logout from application and copy the Authorization token. 3. After logout the authorization token must be...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/12 6:18 p.m.β€’19 views

in fisharebest/webtrees

✍️ Description A malicious actor, either logged in as an admin or after intercepting a request, is able to modify the path argument in the delete-path route, and can arbitrarily delete index.php or config.ini.php, rendering the site unusable. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1; An admin should navigate to...

0.4AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/12 3:28 a.m.β€’19 views

in bfabiszewski/libmobi

✍️ Description Overview This vulnerability is of out-of-bound read, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to do DOS Denial of Service attack or ALSR bypass by reading sensitive memory address information to all applications which use...

7.5CVSS0.7AI score0.0112EPSS
Exploits1
Huntr
Huntr
β€’added 2021/09/11 6:40 p.m.β€’19 views

Inefficient Regular Expression Complexity in prismjs/prism

✍️ Description The prismjs package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. πŸ•΅οΈβ€β™‚οΈ Proof of Concept...

4.3CVSS0.9AI score0.01045EPSS
Exploits1
Huntr
Huntr
β€’added 2021/09/08 11:40 p.m.β€’19 views

in weseek/growi

✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. πŸ’₯ Impact This...

6.4CVSS2AI score0.00535EPSS
Exploits0
Huntr
Huntr
β€’added 2021/09/08 4:1 p.m.β€’19 views

Cross-site Scripting (XSS) - Reflected in th3-822/rapidleech

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.4AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/07 10:22 p.m.β€’19 views

Cross-site Scripting (XSS) - Stored in chocobozzz/peertube

✍️ Description We can upload a SVG image and then send the url of that to other users and when they open the link we can get their complete session keys as the session keys stored in local storage and with Javascript easily can be stolen by attackers. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1.Go to...

4.3CVSS6.4AI score0.00899EPSS
Exploits1
Huntr
Huntr
β€’added 2021/09/05 6:40 a.m.β€’19 views

Prototype Pollution in clientio/joint

✍️ Description jointjs package is vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the path components used in the path parameter are arrays. In particular, the condition key === "proto" returns false if key is "proto". This is because...

2.1AI score0.01359EPSS
Exploits0
Huntr
Huntr
β€’added 2021/09/01 6:0 p.m.β€’19 views

Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte

✍️ Description Reflected XSS on any POST parameters with a correct token on /admin/settings.php When field is not in the defined list , $debug value is set to true , and the $POST is dumped without filtering πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. Login as admin 2. Settings - Flush log 3. replace field with XSS...

4.3CVSS0.1AI score0.00532EPSS
Exploits1
Huntr
Huntr
β€’added 2021/08/30 8:6 a.m.β€’19 views

Prototype Pollution in vincit/objection.js

✍️ Description objection package is vulnerable to Prototype Pollution. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Create the following PoC file: // poc.js var set = require"objection/lib/utils/objectUtils" let obj = console.log"Before: " + .polluted setobj, 'proto', 'polluted', 'Yes! Its Polluted' console.log"After: "...

7.5CVSS1.8AI score0.0147EPSS
Exploits1
Huntr
Huntr
β€’added 2021/08/23 11:29 a.m.β€’19 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

5.2AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/08/04 3:40 p.m.β€’19 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

✍️ Description Attacker is able to enable a user notification if a logged in user visits attacker website. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check your notification is enable history.pushState'', '', '/' document.forms0.submit; πŸ’₯ Impact This...

1.4AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/10 8:22 a.m.β€’19 views

in phpmailer/phpmailer

✍️ Description validateAddress function used to validate email addresses, uses calluserfunc to call the callable from the name of callable provided to the function as an argument $patternselect. But if no argument is passed, the function sets "php" as default value to $patternselect variable on...

6.8CVSS0.3AI score0.0226EPSS
Exploits0
Huntr
Huntr
β€’added 2021/05/18 1:29 p.m.β€’19 views

Cross-site Scripting (XSS) - Stored in changeweb/unifiedtransform

✍️ Description Stored Cross Site Scripting in the message/all.blade.php. πŸ•΅οΈβ€β™‚οΈ Proof of Concept As a teacher, click on "My Courses" and then "message students". CKEditor hides the underlying where we can add tag or capture the request in a proxy like burpsuite and edit the HTTP POST request. Select...

Exploits0
Huntr
Huntr
β€’added 2021/04/19 6:35 a.m.β€’19 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

✍️ Description XSS is possible via support ticket reply functionality for admin. It can happen if a client registers with his name as the XSS payload and admin replies with the default greetings. Otherwise admin have to manually enter the payload in reply form. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. Register...

0.6AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/04/03 3:30 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in octobercms/library

✍️ Description OctoberCMS uses october/rain library to handle file uploads. Previously it was possible to upload malicious files with HTML content to the CMS via its Media upload feature. This security issue marked as CVE-2020-15249 was fixed in 1.0.469. But it is still possible to upload XML...

0.8AI score0.00459EPSS
Exploits0References3
Huntr
Huntr
β€’added 2021/03/30 11:47 a.m.β€’19 views

Cross-site Scripting (XSS) - Stored in harish81/digidocu

✍️ Description DigiDocu is a CMS written in PHP using Laravel Framework. Laravel uses Blade templating engine which sanitizes the HTML by default. But DigiDocu is trying to render some HTML content without validating the input that comes from the user's profile ie. users can write some HTML using...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/02/22 12:0 a.m.β€’19 views

Cross-site Scripting (XSS) - Generic in cmason3/jinjafx

:book: Description JinjaFx is a Templating Tool that uses Jinja2 as the templating engine. It is written in Python and is extremely lightweight and hopefully simple - it doesn't require any Python modules that aren't in the base install, with the exception of jinja2 for obvious reasons, this...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/02/13 12:0 a.m.β€’19 views

Code Injection in heartexlabs/label-studio

Description Label Studio is a swiss army knife of data labeling and annotation tools which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install label-studio Run exploit.py impor...

2AI score
Exploits0References1
Huntr
Huntr
β€’added 2020/12/14 12:0 a.m.β€’19 views

Prototype Pollution in steveukx/properties

Description properties-reader is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js var propertiesReader = require'properties-reader'; console.log"Before : " + .polluted console.log"Before : " + .polluted1 var properties =...

2.1AI score
Exploits0
Huntr
Huntr
β€’added 2020/03/27 12:0 a.m.β€’19 views

Command Injection in zamotany/logkitty

Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i logkitty Install affected module logkit...

7.5CVSS2.1AI score0.0201EPSS
Exploits1
Huntr
Huntr
β€’added 2023/10/08 6:37 p.m.β€’18 views

Stored XSS in function Add discussion at the Copyediting section

Description I tested the demo site you provided and I see that there is a stored XSS in function Add discussion Proof of Concept payload: thanh"alert1 Steps 1. Login as any user 2. In the Unassigned section and click view 3. In the Workflow click Copyediting section and Add discussion 4. Insert...

6AI score0.00404EPSS
Exploits1
Huntr
Huntr
β€’added 2023/09/15 5:31 p.m.β€’18 views

STORED XSS in Journal-> Sections

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

5.8AI score0.00449EPSS
Exploits1References1
Huntr
Huntr
β€’added 2023/09/13 9:58 p.m.β€’18 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

6.8AI score0.0073EPSS
Exploits1
Huntr
Huntr
β€’added 2023/09/12 11:22 a.m.β€’18 views

XSS Vulnerabilities in Search Functionality and Course Tags

Description 1. XSS via Image Error in Search Box: - This vulnerability allows an attacker to execute a Cross-Site Scripting XSS attack through the search functionality of the web application. When a user performs a search, the application attempts to display an image related to the search query...

5.8CVSS6.1AI score0.00442EPSS
Exploits1References1
Total number of security vulnerabilities4072