Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/03/30 11:47 a.m.19 views

Cross-site Scripting (XSS) - Stored in harish81/digidocu

✍️ Description DigiDocu is a CMS written in PHP using Laravel Framework. Laravel uses Blade templating engine which sanitizes the HTML by default. But DigiDocu is trying to render some HTML content without validating the input that comes from the user's profile ie. users can write some HTML using...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/02/22 12:0 a.m.19 views

Cross-site Scripting (XSS) - Generic in cmason3/jinjafx

:book: Description JinjaFx is a Templating Tool that uses Jinja2 as the templating engine. It is written in Python and is extremely lightweight and hopefully simple - it doesn't require any Python modules that aren't in the base install, with the exception of jinja2 for obvious reasons, this...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/02/19 12:0 a.m.19 views

Path Traversal in mucommander/mucommander

:book: Description mucommander A lightweight, cross-platform file manager with a dual-pane interface. This package is vulnerable for zip-slip. https://github.com/mucommander/mucommander https://www.mucommander.com/ :recycle: Steps To Reproduce-: 0 download and run latest release from...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/02/13 12:0 a.m.19 views

Code Injection in heartexlabs/label-studio

Description Label Studio is a swiss army knife of data labeling and annotation tools which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install label-studio Run exploit.py impor...

2AI score
Exploits0References1
Huntr
Huntr
added 2020/12/14 12:0 a.m.19 views

Prototype Pollution in steveukx/properties

Description properties-reader is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js var propertiesReader = require'properties-reader'; console.log"Before : " + .polluted console.log"Before : " + .polluted1 var properties =...

2.1AI score
Exploits0
Huntr
Huntr
added 2020/03/27 12:0 a.m.19 views

Command Injection in zamotany/logkitty

Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i logkitty Install affected module logkit...

7.5CVSS2.1AI score0.0201EPSS
Exploits1
Huntr
Huntr
added 2023/10/08 6:37 p.m.18 views

Stored XSS in function Add discussion at the Copyediting section

Description I tested the demo site you provided and I see that there is a stored XSS in function Add discussion Proof of Concept payload: thanh"alert1 Steps 1. Login as any user 2. In the Unassigned section and click view 3. In the Workflow click Copyediting section and Add discussion 4. Insert...

6AI score0.00404EPSS
Exploits1
Huntr
Huntr
added 2023/09/22 5:2 a.m.18 views

Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files in hamza417/inure

Description Tested on Build89 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...

1.7CVSS7AI score0.00261EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/15 5:31 p.m.18 views

STORED XSS in Journal-> Sections

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

5.8AI score0.00449EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/12 7:39 a.m.18 views

Store DOM XSS in FAQ

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Create a category, Question with payload: haidoalertdocument.domain 3 .Select FAQ status published and Sticky 4 .Back to the homepage, detect...

7AI score0.00532EPSS
Exploits1
Huntr
Huntr
added 2023/09/08 2:10 p.m.18 views

Cookie without Secure flag

Description Access and login to the website. Press F12 on your keyboard or right-click on the website to open dev-tool. At Application tab, choose Cookies and there are some sensitive cookies without Secure flag. Proof of Concept...

7.1AI score0.00287EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/05 10:31 p.m.18 views

CSRF Logout

Description Bad actor can send to victims link ie. obfuscated with payload /signout and when victims will use it - can change the state of user logged in/logged out. Proof of Concept Payload: https://eu.aptabase.com/api/auth/signout Repro steps: As logged in user https://eu.aptabase.com/ open new...

6.8AI score
Exploits0References2
Huntr
Huntr
added 2023/08/03 11:21 a.m.18 views

Stored HTML injection

Description Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability. Step to reproduce 1...

4.9CVSS7AI score0.00381EPSS
Exploits1
Huntr
Huntr
added 2023/08/02 5:8 p.m.18 views

Cross-site Scripting (Stored XSS)

Description For any role that has permission to execute function assets, i can add a new asset. Even though the site only allows uploading images and gifs, I can still upload an html file by modifying the magic number and that leads to XSS. Proof of Concept 1. Link PoC:...

4.9CVSS7.2AI score0.00402EPSS
Exploits1
Huntr
Huntr
added 2023/07/13 8:47 p.m.18 views

Business Logic Error - letting the Name Field blank

Hello, I was able to bypass the restriction for setting an admin username and letting the username via spaces blank. Let's have a look. As you can see the name is with a red star and therefore required to be filled. Now we will add2 spaces and let the username blank and save. As you can see all t...

3.3CVSS7AI score0.00477EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/14 8:40 p.m.18 views

Session Fixation Vulnerability

Description The application does not generate a new PHPSESSID cookie after the user authenticates successfully. A malicious user is able to create a new session cookie value and injects it to a victim pre-authenticaiton. After the victim logs in, the injected cookie becomes valid, giving the...

5.8CVSS6.7AI score0.00506EPSS
Exploits1
Huntr
Huntr
added 2023/06/12 6:25 a.m.18 views

URL Restriction Bypass

Description In attempting to fix a previous issue, the PATTERNUSERINFO regular expression was changed. This change introduced another way to bypass the URL allowlist by introducing non-alphanumeric characters into the user information part of the URL. Proof of Concept Run PlantUML with...

6.4CVSS6.6AI score0.0087EPSS
Exploits1
Huntr
Huntr
added 2023/06/09 4:16 p.m.18 views

Security vulnerability in product bundling feature

Description Our e-commerce platform offers a bundled sales promotion feature, allowing an administrator to bind the sale of a product to an addon. However, we have identified a security vulnerability that exists in this feature. After an administrator cancels a bundle offer, users can still make...

3.5CVSS6.8AI score0.00407EPSS
Exploits1
Huntr
Huntr
added 2023/06/09 8:32 a.m.18 views

we still can order the product even it is disabled

Description I am writing to report a potential security vulnerability that was uncovered in your platform. Specifically, we discovered that your product purchase functionality can still be accessed via API even after the product has been disabled and is no longer available for sale. Proof of...

4CVSS6.8AI score0.00509EPSS
Exploits1
Huntr
Huntr
added 2023/06/04 1:20 p.m.18 views

Create multiple user with the same username (Race Condition)

Description Administrator users can create multiple users with the same username which breaks the logic of the web application. Proof of Concept Step 1: At AdministrationUser ManagementManager User Screen, click on "New Local User" button Step 2: Fill in all the required fields, notice that the...

1.7CVSS6.9AI score0.00475EPSS
Exploits1
Huntr
Huntr
added 2023/05/11 4:41 p.m.18 views

Reflected Cross-Site Scripting when restoring a backup

Description A XSS vulnerability has been identified when an administrator restores a backup from a file. When using a specially crafted file, it's possible to trigger an error that will be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript cod...

4.3CVSS6.4AI score0.00576EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/07 6:31 p.m.18 views

Stored XSS on items in Folder in nilsteampassnet/teampass lead to ATO

Description Stored XSS on items in Folder in nilsteampassnet/teampass lead to ATO Proof of Concept POC on my Drive video: https://drive.google.com/file/d/1OsksHJxcaNNABIoabLAwAKCu37S2VyT/view?usp=sharing...

6CVSS6.3AI score0.00909EPSS
Exploits1
Huntr
Huntr
added 2023/04/24 7:26 p.m.18 views

Stored XSS

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video PoC https://drive.google.com/file/d/186jNX2EJWaIaknmOmwBhQ663SSzv289/view?usp=sharing Step 1.Go to my preferences and...

4.9CVSS6.4AI score0.00569EPSS
Exploits1
Huntr
Huntr
added 2023/04/23 12:26 a.m.18 views

OS Command Injection via Type Confusion in Scan and Preview Parameters

Description Scanservjs has a RESTful API that provides endpoints for interacting with scanners using the SANE library. There are two APIs for scanning an image and generating a preview image that call out to Process.spawn, invoking a scanimage command as a subprocess of the server, and passing...

7.5CVSS8.7AI score0.40516EPSS
Exploits1
Huntr
Huntr
added 2023/04/20 8:2 a.m.18 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description There is a taint path can store payload into the database. visit http://127.0.0.1/corebos-master/index.php?action=PickList&module=PickList and click Add Item, the Add new entries here: can be tainted. Although there has a front limitation, but we can bypass it by modifying the request...

4.9CVSS7AI score0.00517EPSS
Exploits1
Huntr
Huntr
added 2023/04/02 9:39 p.m.18 views

Reflected XSS on Sidekiq through multiples endpoints via GET parameter "period"

Description Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. Proof of Concept There must have been a metrics during the default value of the period parameter. You simply have to set the payloa...

6.8CVSS8.5AI score0.02742EPSS
Exploits1
Huntr
Huntr
added 2023/04/02 5:19 a.m.18 views

Multiple Stored XSS via mail parameter

Description In PhpMyFaq, while submitting a question, the mail parameter is accepting unsanitized user input which leads to Stored XSS vulnerability, executing on Admin Panel /admin/?action=question. Proof of Concept 1. Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 1. Fill ...

4.3CVSS6.4AI score0.0046EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/28 7:14 p.m.18 views

Input validation and money transfer vulnerability with negative number

Description I transfer money from account1 to account2. According to the scenario, account 1 will be deducted, and account 2 will add money. But account1 was add, account was sub. If I use a negative number and its value exceeds the account balance, the money will still be added to the transfer...

6.8AI score
Exploits0References1
Huntr
Huntr
added 2023/03/20 6:21 p.m.18 views

Stored XSS in name parameter of "Static Routes"

Description During testing, I observed that the name parameter of the "Static Routes" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Settings - Static Routes - Add and Enter the payload: " inside the name input field. 3.Then cli...

4.9CVSS6.2AI score0.00497EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/01 11:9 p.m.18 views

Full CSRF Bypass

Description The intended way to reach functionality in $module/ajax.php is through the /xhr endpoint. Looking at the following code: https://github.com/unilogies/bumsys/blob/83bd788c21ce390f62e34ab6755a3e61c106418c/core/route.phpL43-L48 php if $pageSlug === "xhr" or $pageSlug === "info" and...

6.8CVSS6.8AI score0.0043EPSS
Exploits1
Huntr
Huntr
added 2023/02/26 2:52 p.m.18 views

CSRF leading to edit admin accounts

Description GET /admin/accounts/id/edit/?activetab=default page is vulnerable to a CSRF attack. Proof of Concept Login as admin. try to edit admin accounts example id=4 Open the following file in the browser. history.pushState'', '', '/'; document.forms0.submit;...

5.4CVSS6.4AI score0.00378EPSS
Exploits1
Huntr
Huntr
added 2023/02/19 8:39 p.m.18 views

SQL Injection at /front/report.dynamic.php

Description A SQL Injection vulnerability allow to guest user with reports view like "Technician" to extract all data from database and some cases write a webshell on the server. This vulnerability occurs because an insecure concatenation is taking place on this function:...

7.6AI score
Exploits0References1
Huntr
Huntr
added 2023/02/14 7:53 p.m.18 views

XSS Stored in the email address

Description Hello, I have located an xss stored by performing the following step: 1 - Go to tools 2 - GDPR Data Extractor 3 - Insert the payload into the email address 4 - click in send emails Proof of Concept...

4.9CVSS5.5AI score0.00403EPSS
Exploits1
Huntr
Huntr
added 2023/02/02 6:24 p.m.18 views

Stored Cross Site Scripting in the username

Description Stored XSS occurs when an attacker injects malicious code into a website, which is then stored on the server. In this case, the malicious code is being stored as the user's username. When someone accesses the shared page, the website retrieves the user's username from the server and...

4.9CVSS5.3AI score0.00443EPSS
Exploits1
Huntr
Huntr
added 2023/01/22 12:16 a.m.18 views

No Password Policy at all during Registration and and Password Change allows Account Takeover Exploitation

Dear Ladies and Gentlemen, First of all thank you for your time and effort reading my Report. While doing the Penetration Test i was able to weak Password Policy while Registration and Passwort changing allowing an attacker to easily exploit an account Takeover Vulnerability. This is due no...

6.5CVSS8.4AI score0.00707EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/20 7:36 p.m.18 views

Stored/Reflected XSS when add new domain

Description there is an XSS vulnerability that malicious script is injected directly in list of domain Proof of Concept 1//go to admin/domains/ 2/ click add to add a new domain 3/ in name section add this payload " and you can see payload executed POC...

4.9CVSS5.1AI score0.00613EPSS
Exploits1
Huntr
Huntr
added 2023/01/05 9:8 a.m.18 views

Improper String/Integer Input Validation Leads to the Crashing of Site

Description If you give the string input in the Start/End time field, then the application will stop working. Proof of Concept 1. Go to "Settings-General-Reconnection" 2. Change activated to "on" 3. On every input fields place any string for example put: "test" 4. Click on save and refresh 5. The...

5CVSS7.3AI score0.00816EPSS
Exploits1
Huntr
Huntr
added 2022/12/24 3:28 p.m.18 views

Stored XSS in the module named "Website settings"

Description Our engineer found security problems when testing our website. And I have tested the demo website you provided. I found that there is indeed an xss vulnerability. I hope you can check and provide a fix as soon as possible.Thanks. \\ The reason for the vulnerability is that you have...

4.3CVSS5.4AI score0.00434EPSS
Exploits0
Huntr
Huntr
added 2022/12/24 7:18 a.m.18 views

Archive any post (public / private) using IDOR

Description It was observed that we can archive any users post using archive option by changing the post id. 1 Created user with lolwa username. 2 Posted a post and identified it's post id 1007. 3 Now get the post id from demo user i.e 1006. 4 Now click on archive for post id 1007 from user lolwa...

5CVSS0.00681EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/19 4:3 p.m.18 views

Stored XSS in admin panel (users page)

Description Stored XSS in admin panel in users page via inject XSS payload in Name input field by any user to affect the admin panel Proof of Concept https://drive.google.com/file/d/1EsYq3R6GRAdEbpZxp2RwQwGr4G8fJGB7/view?usp=sharing...

4.9CVSS5.2AI score0.00487EPSS
Exploits0
Huntr
Huntr
added 2022/11/15 10:54 a.m.18 views

Path Traversal that leads to Remote Code Execution via PHP file upload

📜 Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2022/10/19 1:46 p.m.18 views

Stored XSS

Description webcalendar has a feature to add event and display the location of it. This feature lead to stored xss everytime a user open the calendar or the event detail page. Proof of Concept 1. 1- login as user 2. 2- create an event 3. 3- insert the payload on "location" field 4. 4- Save 5. 5- ...

4.9CVSS5.6AI score0.00526EPSS
Exploits1
Huntr
Huntr
added 2022/10/04 1:47 p.m.18 views

Password Reset Poisoning

Description Elgg uses the HTTP Host-Header in a password reset request to generate the password reset link that is sent to the user in an email without any filters or checks. This allows an attacker to craft a password reset request using a manipulated host header, resulting in reset-token leakag...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2022/09/21 7:28 p.m.18 views

Mass Assignment leads to Stored XSS

Description The application is vulnerable to mass assignment in the User object. A user is able to enable their own account and change their username. The username is not properly sanitized in the admin user overview, leading to a stored XSS attack. Proof of Concept Steps to reproduce: 1. Log in...

4.9CVSS5.5AI score0.33968EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/15 3:29 p.m.18 views

Stored Cross-Site Scripting (XSS) on Schedule Maintenance "Title" parameter

Description Stored Cross-Site Scripting XSS vulnerability in LibreNMS v22.8.0 allows attackers to execute arbitrary javascript code in the browser affected from function of "Schedule Maintenance" in "Title" parameter. Proof of Concept 1 - Click "Alerts" Click "Schedule Maintenance" from the...

4.9CVSS5.2AI score0.00551EPSS
Exploits2
Huntr
Huntr
added 2022/09/13 9:56 a.m.19 views

Password Can be set to very weak

Description For testing the issue, I have used the demo website. In edit user profile section we can set New Password to 1 Or any character. There is no policy for password or no password checking. Moreover, it also allows us to change password and the new password also can be set with weak...

7.5CVSS0.2AI score0.01032EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 3:31 p.m.18 views

Unauthenticated Path Traversal

Description A unauthenticated user can read and download files of the application system by abusing the filename parameter, of the /api/image/cover-uploadendpoint, that is not properly sanitized. Proof of Concept 1 - Send the following request, where the filename has the relative path of the targ...

1.7AI score
Exploits0
Huntr
Huntr
added 2022/06/21 8:9 a.m.18 views

Stored XSS in EditEstadoDocumento

Description In facturascripts/EditEstadoDocumento, the field Icon can be injected an XSS payload into it. Proof of Concept // PoC.js POST /facturascripts/EditEstadoDocumento?code=27&action=save-ok HTTP/1.1 Host: 127.0.0.1 Content-Length: 1224 Cache-Control: max-age=0 sec-ch-ua:...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/17 3:51 a.m.19 views

SSRF via Improper Input Validation

Description Hostname is not detected because of improper handling of username and password. Based on real cases Proof of Concept shell ❯ node -e 'const parseUrl = require"parse-url"; console.logparseUrl"http://google:com:@@localhost"' protocols: 'http' , protocol: 'http', port: null, resource:...

7.5CVSS0.4AI score0.01533EPSS
Exploits1
Huntr
Huntr
added 2022/05/23 11:25 a.m.18 views

Improper Restriction of Excessive Authentication Attempts in login feature

Description No rate-limiting leads to bruteforce attack in login feature Steps to reproduce 1.Go to https://www.rosariosis.org/demonstration/ 2.Login with any username and password 3.Using Burp and send login POST request to Intruder 4.Create 30 null payloads and start attack 5.Login with correct...

0.2AI score
Exploits0
Total number of security vulnerabilities4072