Lucene search
K

4072 matches found

Huntr
Huntr
added 2021/12/20 8:14 p.m.12 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description coreBOS is vulnerable to Reflected Cross-Site Scripting in the advftcriteriagroups - advftcriteria parameters. Payload - Outside the JSON object. alertdocument.cookie - Inside the JSON object...

6.4AI score
Exploits0
Huntr
Huntr
added 2021/12/20 2:16 p.m.16 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description I found that the CSRF vulnerability that I reported to you before https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd/ can still be exploited via the GET request. An attacker is able to do unintentional action in the victim account by tricking other users clicking on the...

6.8CVSS7.5AI score0.00614EPSS
Exploits1
Huntr
Huntr
added 2021/12/20 12:1 p.m.21 views

Cross-site Scripting (XSS) - Stored in janeczku/calibre-web

Description Missing input check on Identifiers lead to stored XSS. Steps to reproduce 1. 1. Any book - Edit metadata - Identifiers 2. 2. Set any value to the first field and javascript:alertdocument.domain to the second one. 3. 3. Save the book, select it, click on Identifier - XSSed! Proof of...

3.5CVSS0.9AI score0.00802EPSS
Exploits1
Huntr
Huntr
added 2021/12/20 11:47 a.m.147 views

Server-Side Request Forgery (SSRF) in janeczku/calibre-web

Title Blind SSRF via URL fetch Summary calibre-web allows external URL fetching in order to upload a book cover. However, instead of external URL it is possible to point to localhost, which will be reached resulting in blind SSRF. Steps to reproduce 1. 1. As an admin give permissions to upload...

7.5CVSS7.9AI score0.00954EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/20 9:40 a.m.20 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

Description There are several areas in the web application that are vulnerable to stored XSS. They include: The chat feature when sending messages /messages/startconversation The name field when creating a department /departments Name field when creating teams /teams You can also exploit the XSS...

6AI score
Exploits0
Huntr
Huntr
added 2021/12/20 4:0 a.m.10 views

Cross-site Scripting (XSS) - Stored in requarks/wiki

Description Stored XSS can be performed by malicious XML / HTM files. There is no check in place to prevent such files from being uploaded. Proof of Concept 1 XML 1: Upload the following file as payload.xml: alert1 alert2 confirmdocument.domain Hello http://google.com Proof of Concept 2 HTM 2:...

6AI score
Exploits0
Huntr
Huntr
added 2021/12/20 3:13 a.m.12 views

Cross-site Scripting (XSS) - Stored in friends-of-forkcms/fork-cms-module-commerce

Description In the admin section in Commerce - Shop settings - Stock statuses - Edit stock statuses one can add XSS payloads. After adding XSS payloads when a user is visiting Commerce - Shop settings - Stock statuses the JavaScript code will be run. Proof of Concept Go to Commerce - Shop setting...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/12/20 3:3 a.m.10 views

Cross-site Scripting (XSS) - Reflected in requarks/wiki

Description SVG sanitization is incomplete. Attackers can bypass fix in https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7 to perform XSS via malicious SVG files. Proof of Concept The fix commit sanitizes SVG if MimeType = svg+xml. Unfortunately this can be controlled by use...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/20 12:43 a.m.15 views

SQL Injection in tsolucio/corebos

Description coreBOS is vulnerable to Blind SQL Injections in parameter userviewtype which allows the attacker to execute SQL commands on the target database. it is a time-based attack in which the result of the query will be determined based on the time of the response. payload...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/12/19 3:12 p.m.11 views

Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin

Description grav-plugin-admin 1.10.25 has a Stored-XSS vulnerability that is executed when metadata information of a file whose name contains javascript are shown. Proof of Concept 1 - After installing grav+admin browse to http://127.0.0.1/admin/pages/home. 2 - Create a file named as follows:...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/18 4:54 p.m.21 views

Cross-site Scripting (XSS) - Stored in zulip/zulip

Description Zulip is a powerful, open source group chat application that combines the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip is used by open source projects, Fortune 500 companies, large standards bodies, and others who need a real-time chat...

3.5CVSS0.6AI score0.0089EPSS
Exploits1
Huntr
Huntr
added 2021/12/18 8:16 a.m.19 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description XSS in Classification Store included panels like Collections, Groups, Key,... in the store Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web...

6CVSS0.1AI score0.00877EPSS
Exploits1
Huntr
Huntr
added 2021/12/18 4:55 a.m.15 views

Cross-site Scripting (XSS) - Reflected in opensourcepos/opensourcepos

Description Reflected Cross site scripting vulnerability in barcode field and name field in itemkits category Proof of Concept 1. Login to the demo account 2. Go to item kits , edit any item and add payload in barcode field and click save 3. payload " 4. poc 1 https://ibb.co/ZJZLKdQ 5. poc 2...

Exploits0
Huntr
Huntr
added 2021/12/17 4:22 p.m.11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description coreBOS is vulnerable to Stored Cross-Site Scripting in the Campaign Type - Campaign Status - Expected Response fields. Request POST /index.php HTTP/1.1 Host: demo.corebos.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:95.0 Gecko/20100101 Firefox/95.0 Accept:...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/12/17 4:12 p.m.29 views

Heap-based Buffer Overflow in vim/vim

✍️ Description When fuzzing vim commit cd2f8f0e0 works with latest build and latest commit 7c0fb8003 per this time of this report v8.2.3811 with clang 13 and ASan, I discovered a heap buffer overflow. Proof of Concept Here is the poc bash ev0- How to build bash LD=lld AS=llvm-as AR=llvm-ar...

6.8CVSS8.3AI score0.01831EPSS
Exploits1
Huntr
Huntr
added 2021/12/17 8:47 a.m.16 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description CSRF on various endpoints Summary Pretty recently CSRF protection in calibre-web was implemented. However, there are some state-changing endpoints that accept GET requests instead of POST. The most impactful route so far, that allows to completely shutdown the server:...

6.8CVSS0.5AI score0.0054EPSS
Exploits1
Huntr
Huntr
added 2021/12/17 4:39 a.m.13 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description livehelperchat is vulnerable to stored XSS in users profile setting where username, password, repeat password, nickname, name, surname, job title fields are vulnerable to stored XSS. Proof of Concept this.constructor.constructor'alert"foo"' Enter the given payload in the above-mention...

3.5CVSS1.1AI score0.00634EPSS
Exploits1
Huntr
Huntr
added 2021/12/16 2:21 p.m.11 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description I found one more CSRF at Clean cache in the System tab of System configuration via GET request. Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin to clear the cache of the system, that can potential lead to a DoS attack. Remediation Use POST request...

6.8CVSS1AI score0.00539EPSS
Exploits1
Huntr
Huntr
added 2021/12/16 10:26 a.m.18 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description Auditing the AJAX endpoints revealed that some endpoints which perform state-changes do not have CSRF protection. Proof of Concept POST /lib/exe/ajax.php?call=draftdel&id=start Impact This vulnerability is capable of tricking users to delete their own drafts...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/12/16 9:56 a.m.10 views

Improper Access Control in splitbrain/dokuwiki

Description Users can access drafts of restricted files if they have create permissions on the same namespace and have the ability to create their own usernames due to the conflicting cache names. This can reveal draft contents, delete draft and overwrite the draft content of the restricted file...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/12/16 3:58 a.m.21 views

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description CSRF to disrupt request tracking Proof of Concept Open the HTML file as a logged-in user Impact Unauthenticated attackers situated outside of the organization can disrupt request tracking by sending the malicious HTML to a user which will cause them to request an asset...

6.8CVSS1.3AI score0.00463EPSS
Exploits1
Huntr
Huntr
added 2021/12/15 2:13 p.m.17 views

Cross-site Scripting (XSS) - Stored in pimcore/web2print-tools

Description Stored XSS in the Description of the Favorite Output Channel Configurations. Steps to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, click the Settings icon then choose Favorite Output Channel Configurations, the Favorite Output Channel...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/12/15 9:35 a.m.86 views

Cross-site Scripting (XSS) - Stored in yeswiki/yeswiki

Description Stored XSS when Add a new entry for Forum Proof of Concept // PoC.req POST /doryphore/?BazaR&vue=saisir&action=saisirfiche&id=2 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:96.0 Gecko/20100101 Firefox/96.0 Accept:...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/12/14 6:18 p.m.9 views

Cross-Site Request Forgery (CSRF) in laravelio/laravel.io

Description This CSRF is capable of making a user unintentionally subscribe and unsubscribe to a thread. Proof of Concept Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/subscribe Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/unsubscribe Impact One...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/12/14 3:2 p.m.18 views

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
added 2021/12/14 12:48 p.m.30 views

Cross-site Scripting (XSS) - Stored in meetecho/janus-gateway

Description The stored XSS vulnerability occurs in the chat window because the user's input value is inserted into the web page without verification. javascript to: username, text: result ; textroom.data text: JSON.stringifymessage, error: functionreason bootbox.alertreason; , success: function...

4.3CVSS6.3AI score0.00942EPSS
Exploits1
Huntr
Huntr
added 2021/12/14 12:19 p.m.19 views

Business Logic Errors in yetiforcecompany/yetiforcecrm

Description YetiForceCRM application is vulnerable to Business Logic Errors in the Weight of a Product since that value can be a negative number. Proof of Concept 1.After login, in the left menu bar, click Databases - Products 2.Click any product to go to the product details. 3.In the product...

4CVSS2.1AI score0.00708EPSS
Exploits1
Huntr
Huntr
added 2021/12/14 9:47 a.m.19 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description Although security token is present in the delete draft POST request. It is not being checked in the backend by checkSecurityToken CSRF checks. Proof of Concept 1: As a logged-in user create a draft page, on the data/cache directory of the server run the command to confirm a draft has...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/12/14 8:57 a.m.18 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description CSRF in switching between enable and disable of the following: - Dark/bright - Auto uppercase sentences - Do not scroll to the bottom on chat open - Auto preload previous visitor chat messages - Load previous message on scroll - New messages - New chats - Online - Based on activity -...

4.3CVSS0.3AI score0.00489EPSS
Exploits1
Huntr
Huntr
added 2021/12/14 2:55 a.m.9 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description Stored XSS via upload File with format .svg when chatting in private conversation. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/14 12:3 a.m.15 views

in convos-chat/convos

Description Hi there, I would like to report a vulnerability that allows a hacker to upload dangerous file type in convos. Proof of Concept Go to a conversation and click on upload file, then upload a file. The request to upload file looks like this: POST /api/files.json HTTP/1.1 Host:...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/13 5:57 p.m.22 views

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Description I found file upload XSS, Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Proof of Concept 1. login and navigate to https://gitstable.yetiforce.com/index.php?module=Users&view=PreferenceEdit&record=5 2. Layout photo Add file. 3...

3.5CVSS5.3AI score0.00456EPSS
Exploits1
Huntr
Huntr
added 2021/12/13 9:56 a.m.6 views

Cross-site Scripting (XSS) - Reflected in openwhyd/openwhyd

Description openwhyd is vulnerable to Reflected XSS vulnerability via the redirect parameter at login page. Payload alertdocument.cookie Vulnerable URL https://openwhyd.org/login?redirect=alertdocument.cookie Proof of Concept Send users the following login link...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/12/13 9:40 a.m.10 views

Open Redirect in openwhyd/openwhyd

Description openwhyd is vulnerable to Open Redirect vulnerability via the redirect parameter at login page. Vulnerable parameter redirect Vulnerable URL https://openwhyd.org/login?redirect=https://google.com Proof of Concept Send users the following login link...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/13 6:24 a.m.9 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF to delete user accounts Proof of Concept Impact This vulnerability is capable of tricking admin users to delete user accounts...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/12/13 3:10 a.m.38 views

in netristv/ws-scrcpy

Description read file From server Proof of Concept GET /../../../../../../../../../../../../etc/passwd HTTP/1.1 Host: xxxx Impact test on ws-scrcpy-0.7,this is The latest version...

5CVSS1.9AI score0.01227EPSS
Exploits1
Huntr
Huntr
added 2021/12/12 8:29 p.m.40 views

in pytorchlightning/pytorch-lightning

Description There is untrusted YAML Deserialization vulnerability on PyTorchLightning Github repository. PyTorchLightning's saving.py core.saving.loadhparamsfromyaml functionality is calling "yaml.UnsafeLoader" from pyyaml Python library which is not secure method. Because of that, maliciously...

6.8CVSS1AI score0.00978EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/12 7:40 p.m.7 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' Impact This vulnerability is capable of forging users to unintentional logout. More Detail One way GET could be abused here is that a person competito...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/12/12 6:29 p.m.17 views

Business Logic Errors in tsolucio/corebos

Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://demo.corebos.com/index.php?action=Login&module=Users Step 2: Navigate to Inventory - Product - Edit any product. Step 3: Now enter an amou...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/12 5:19 p.m.11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description Stored XSS via File upload with format .xml in Product module. When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary JavaScript code that was injected into attachment before. Proof of Concept alertdocument.domain;...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/12 6:1 a.m.17 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
added 2021/12/11 6:32 p.m.11 views

Cross-Site Request Forgery (CSRF) in convos-chat/convos

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' Impact This vulnerability is capable of forging users to unintentional logout. More Detail One way GET could be abused here is that a person competito...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/12/11 3:45 p.m.18 views

Improper Access Control in bookstackapp/bookstack

Description A logged-in user with no privileges OR guest user if public access enabled can access the /search/users/select AJAX endpoint meant for admins to manage audit logs, to dump all usernames existing in the Bookstack database. This can also be used to harvest email belonging to a user...

7.5CVSS7.6AI score0.26893EPSS
Exploits1
Huntr
Huntr
added 2021/12/11 2:52 p.m.6 views

Cross-site Scripting (XSS) - Reflected in yeswiki/yeswiki

Description Hey all, i found that the search function of YesWiki integrates the searched term into a value attribute inside an input tag, for example if i do a search on sneaky for example, it will put the term sneaky inside a value attribute: html now if i add a double quote to the searched term...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/12/11 12:42 p.m.13 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/12/11 9:46 a.m.13 views

in patrowl/patrowlmanager

Description Hi there, I would like to report a vulnerability in the way PatrowlManager handle upload files. This is in Finding - Import feature Proof of Concept 1. Install PatrowlManager on you local system 2. Go to Finding - Import and import a file 3. An import request look like this POST...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/11 9:12 a.m.14 views

Improper Privilege Management in patrowl/patrowlmanager

Description Hi there, I would like to report an improper privilege management in PatrowlManager - it's an IDOR. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format of import, for example: import11639213059582.json This filename is...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/11 3:32 a.m.6 views

Cross-Site Request Forgery (CSRF) in gunet/openeclass

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/12/10 7:5 p.m.21 views

Business Logic Errors in yetiforcecompany/yetiforcecrm

Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Database - Product - Edit any product. Step 3: Now enter a negative amount in Unit...

4CVSS1.1AI score0.0062EPSS
Exploits1
Huntr
Huntr
added 2021/12/10 6:38 p.m.20 views

Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm

Description Application is vulnerable to Reflected cross site scripting attack on create Invoice. Proof of Concept Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Quick Create - Cost Invoice Step 3: Click on Source and enter the XSS Playload in...

4.3CVSS0.1AI score0.00782EPSS
Exploits1
Total number of security vulnerabilities4072