Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2024/01/29 12:0 a.m.351 views

Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection Vulnerability

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function. CVE ID: CVE-2024-22899 Title: Command Injection Vulnerability in Vinchin Backup and Recovery's syncNtpTime Function in Versions 7.2 and Earlier Description: A critical...

8.8CVSS7.7AI score0.02369EPSS
Exploits4
0day.today
0day.today
added 2023/09/11 12:0 a.m.351 views

VMware vRealize Log Insight Unauthenticated Remote Code Execution Exploit

VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the...

9.8CVSS8.8AI score0.87077EPSS
Exploits3
0day.today
0day.today
added 2023/04/06 12:0 a.m.351 views

FileZilla Client 3.63.1 - (TextShaping.dll) DLL Hijacking Vulnerability

--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/04/19 12:0 a.m.351 views

WordPress Elementor 3.6.2 Plugin - Remote Code Execution (Authenticated) Exploit

Exploit Title: WordPress Plugin Elementor 3.6.2 - Remote Code Execution RCE Authenticated Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://elementor.com/ Software Link: https://wordpress.org/plugins/elementor/advanced/ scroll down to select the version Version:...

0.3AI score
Exploits0
0day.today
0day.today
added 2021/10/25 12:0 a.m.351 views

Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Vulnerability

Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1 Host: localhost...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/12/11 12:0 a.m.351 views

vBulletin 5.5.4 Remote Command Execution Exploit #RCE

This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfigcode parameter in an ajax/render/widgetphp routestring POST request. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5CVSS0.7AI score0.99728EPSS
Exploits27
0day.today
0day.today
added 2024/02/11 12:0 a.m.350 views

Wordpress Seotheme - Remote Code Execution Unauthenticated Exploit

Exploit Title: Wordpress Seotheme - Remote Code Execution Unauthenticated Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys , requests, re from multiprocessing.dummy import Pool from colorama import Fore from colorama import init initautoreset=True fr =...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/06/27 12:0 a.m.350 views

WordPress Simple Page Transition 1.4.1 Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/ Version: 1.4.1 Tested on: Firefox Contact me: email protected Vulnerable code: " / POC: 1-...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/04/08 12:0 a.m.350 views

Simple House Rental System 1 Shell Upload Exploit

Simple House Rental System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = login to client, don't need login to admin Description = Login to client = Upload web shell at Image Step to Reproduct Login to client - Register - Apartment Registration - Image - Submit Exploit Upload web shell a...

8.8CVSS8.9AI score0.02538EPSS
Exploits3
0day.today
0day.today
added 2022/04/06 12:0 a.m.350 views

Barco Control Room Management Suite Directory Traversal Vulnerability

I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...

8.8CVSS0.1AI score0.15028EPSS
Exploits3
0day.today
0day.today
added 2021/12/15 12:0 a.m.350 views

SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection Exploit

SAP Netweaver versions SAP DMIS in at least 20111731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUCGENERATEACPLANDELIMITER. ============================================================================== title: Remote ABAP Code Injection in...

0.6AI score
Exploits0
0day.today
0day.today
added 2021/12/15 12:0 a.m.350 views

Oliver Library Server v5 - Arbitrary File Download Vulnerability

Exploit Title: Oliver Library Server v5 - Arbitrary File Download Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2 Example to downloa...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/12/08 12:0 a.m.350 views

Reprise License Manager 14.2 Remote Binary Execution Vulnerability

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: Whe...

9.3CVSS0.6AI score0.02146EPSS
Exploits4
0day.today
0day.today
added 2021/11/10 12:0 a.m.350 views

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting Vulnerability

Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits:...

6.1CVSS6.4AI score0.79282EPSS
Exploits3
0day.today
0day.today
added 2021/11/03 12:0 a.m.350 views

PHPJabbers Simple CMS 5 - (name) Persistent Cross-Site Scripting Vulnerability

Exploit Title: PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting XSS Google Dork: subtitle:Copyright © 2021 PHPJabbers.com Date: 2021-10-28 Exploit Author: Vulnerability-Lab Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/10/06 12:0 a.m.350 views

Tapatalk Plugins PHP Object Injection Vulnerability

PHP object injection vulnerability in all Tapatalk plugins that can allow attackers to execute PHP code, perform SQL injection, or cause denial of service conditions. Tapatalk Plugins PHP Object Injection dH team discovered PHP Object Injection vulnerability in all Tapatalk plugins, which is allo...

0.6AI score
Exploits0
0day.today
0day.today
added 2017/04/17 12:0 a.m.350 views

Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit

This Metasploit module uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUSINSUFFSERVERRESOURCES", the machine does not have the MS17-010 patch. This Metasplo...

9.3CVSS7.1AI score0.99693EPSS
Exploits94
0day.today
0day.today
added 2024/03/05 12:0 a.m.349 views

Multilaser RE160 Cookie Manipulation Access Bypass Vulnerability

Multilaser RE160 versions 5.07.51ptMTL01 and 5.07.52ptMTL01 suffer from an access control bypass vulnerability through cookie manipulation. =====Tempest Security Intelligence - Security Advisory - CVE-2023-38946======= Access Control Bypass in Multilaser router's Web Management Interface Author:...

9.8CVSS9.4AI score0.00962EPSS
Exploits6
0day.today
0day.today
added 2022/01/21 12:0 a.m.349 views

Online Project Time Management 1.0 SQL Injection Vulnerability

Title: Online Project Time Management 1.0 Multiple SQL - Injections Author: nu11secur1ty Date: 01.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html Description: The pid...

0.4AI score
Exploits0
0day.today
0day.today
added 2019/12/23 12:0 a.m.349 views

WordPress Core < 5.3.x - (xmlrpc.php) Denial of Service Exploit

Exploit for php platform in category web applications !/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries:...

0.3AI score
Exploits0
0day.today
0day.today
added 2024/04/02 12:0 a.m.348 views

Petrol Pump Management Software v1.0 - Remote Code Execution Vulnerability

Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution RCE Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: v1.0 Tested on:...

7.2AI score
Exploits0
0day.today
0day.today
added 2024/02/05 12:0 a.m.348 views

GYM MS - GYM Management System - Cross Site Scripting Vulnerability

Exploit Title: GYM MS - GYM Management System - Cross Site Scripting Stored Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip Version: 1.0 Last Update: 31 August 2022 Tested On: Kal...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/05/31 12:0 a.m.348 views

Online Security Guards Hiring System 1.0 - Reflected XSS Exploit

Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS Exploit Author : AFFAN AHMED Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-SystemPHP.zip Version: 1.0 Tested on: Windows 11 + XAMPP + PYTHON-3.X CVE :...

6.1CVSS6.4AI score0.06169EPSS
Exploits4
0day.today
0day.today
added 2023/05/26 12:0 a.m.348 views

Zenphoto 1.6 - Multiple stored XSS Vulnerability

Exploit Title: Zenphoto 1.6 - Multiple stored XSS Application: Zenphoto-1.6 xss poc Version: 1.6 Bugs: XSS Technology: PHP Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/ Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip Date of found: 01-05-2023 Author: Mirabbas Ağalar...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/03/29 12:0 a.m.348 views

ALLMediaServer 1.6 Remote Buffer Overflow Exploit

Exploit Title: ALLMediaServer 1.6 Remote Buffer Overflow Discovered by: Yehia Elghaly Vendor Homepage: https://www.allmediaserver.org/ Software Link : https://www.allmediaserver.org/LiveUpdate/ALLMediaServer.exe Tested Version: 1.6 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS:...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/11/10 12:0 a.m.348 views

Employee Daily Task Management System 1.0 - (Name) Stored Cross-Site Scripting Vulnerability

Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version: v1.0 Tested on:...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/08/01 12:0 a.m.348 views

FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation Exploit

This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV62292PKTOPTIONS option handling in setsockopt permits racing ip6setpktopt access to a freed ip6pktopts struct. This exploit overwrites the...

8.1CVSS7.9AI score0.32978EPSS
Exploits4
0day.today
0day.today
added 2020/01/04 12:0 a.m.348 views

FreeBSD ftpd Remote Root Exploit

needs user account inside a chroot. ''' example reverse shells: [email protected] / uname -a;id; uname -a;id; FreeBSD r00tbox 10.0-RELEASE FreeBSD 10.0-RELEASE 0 r260789: Thu Jan 16 22:34:59 UTC 2014 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 uid=0root gid=0wheel groups=0wheel...

0.7AI score
Exploits0
0day.today
0day.today
added 2023/11/28 12:0 a.m.347 views

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution Vulnerability

The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access...

7.9AI score
Exploits0
0day.today
0day.today
added 2023/04/25 12:0 a.m.348 views

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization Vulnerability

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities. Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected...

7.2CVSS5.7AI score0.93046EPSS
Exploits2
0day.today
0day.today
added 2023/02/28 12:0 a.m.347 views

Osprey Pump Controller 1.0.1 pseudonym Command Injection Vulnerability

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script. Osprey Pump Controller 1.0.1 pseudonym Semi-blind...

0.4AI score
Exploits0
0day.today
0day.today
added 2023/02/28 12:0 a.m.347 views

Osprey Pump Controller 1.0.1 eventFileSelected Command Injection Vulnerability

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts. Ospr...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/09/02 12:0 a.m.347 views

Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Vulnerability

Aryan Chehreghani Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...

9.8CVSS0.4AI score0.99796EPSS
Exploits9
0day.today
0day.today
added 2022/07/07 12:0 a.m.347 views

Xen PV Guest Non-SELFSNOOP CPU Memory Corruption Exploit

On CPUs without SELFSNOOP support, a Xen PV domain that has access to a PCI device which grants the domain the ability to set arbitrary cache attributes on all its pages can trick Xen into validating an L2 pagetable that contains a cacheline that is marked as clean in the cache but actually diffe...

6.7CVSS7AI score0.00494EPSS
Exploits3
0day.today
0day.today
added 2022/03/24 12:0 a.m.347 views

Online Sports Complex Booking System 1.0 Account Takeover Vulnerability

Exploit Title: Online Sports Complex Booking System - Account Takeover Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Version:...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/02/23 12:0 a.m.347 views

Adobe ColdFusion 11 Remote Code Execution Vulnerability

Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html Version: Adobe...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/11/06 12:0 a.m.347 views

FaceTime - RTP Video Processing Heap Corruption Exploit

Exploit for iOS platform in category dos / poc FaceTime - RTP Video Processing Heap Corruption Exploit There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if ...

0.02759EPSS
Exploits1
0day.today
0day.today
added 2018/06/25 12:0 a.m.347 views

Foxit Reader 9.0.1.1049 - Remote Code Execution Exploit

Exploit for windows platform in category remote exploits %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...

6.8CVSS7.5AI score0.64074EPSS
Exploits13
0day.today
0day.today
added 2016/03/14 12:0 a.m.348 views

WordPress Site Import 1.0.1 Plugin - Local File Inclusion / Remote File Inclusion

Exploit for php platform in category web applications Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0.1 Tested o...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/06/19 12:0 a.m.347 views

IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability

Exploit for unknown platform in category web applications =========================================================== IdeaBox = 1.1 gorumDir Remote File Include Vulnerability =========================================================== $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/08/04 12:0 a.m.346 views

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Vulnerability

Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate the content ...

6.1CVSS7.1AI score0.05177EPSS
Exploits4
0day.today
0day.today
added 2023/06/17 12:0 a.m.346 views

TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow Vulnerability

Exploit Title: Buffer Overflow in TP-Link Archer AX10EUV1.2230220 Exploit Author: Giuseppe Compare CVE: CVE-2023-34832 Vendor Homepage: https://www.tp-link.com/ Version: TP-Link Archer AX10EUV1.2230220 Buffer Overflow There is a buffer overflow in the FUN131e8 function due to using sprintf...

9.8CVSS7.1AI score0.0136EPSS
Exploits2
0day.today
0day.today
added 2023/03/20 12:0 a.m.346 views

Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure Vulnerability

Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability. Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Softwar...

5.3CVSS5.6AI score0.81875EPSS
Exploits4
0day.today
0day.today
added 2023/02/28 12:0 a.m.346 views

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking Vulnerabilities

Osprey Pump Controller version 1.0.1 has an ELF binary called MirageCreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploitin...

7.2AI score
Exploits0
0day.today
0day.today
added 2022/09/13 12:0 a.m.346 views

Infix LMS 4.3.0 Shell Upload Vulnerability

Exploit Title: Infix LMS - Learning Management System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 Version: 4.3.0 Tested on Ubuntu 18.04 sign up as teacher go profile page and...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/05 12:0 a.m.346 views

Voltage SecureMail Server Business Logic Bypass Vulnerability

======================================================================= title: Business Logic Bypass - Mail Relay Post-authenticated product: Voltage SecureMail Server vulnerable version: Voltage SecureMail Server v7.3.0.1 fixed version: Voltage SecureMail Server v7.3.0.1 CVE number: CVE-2021-381...

6.5CVSS0.3AI score0.00857EPSS
Exploits2
0day.today
0day.today
added 2022/02/05 12:0 a.m.346 views

Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...

7.5CVSS0.6AI score0.11484EPSS
Exploits4
0day.today
0day.today
added 2009/03/25 12:0 a.m.346 views

WeBid 0.7.3 RC9 (upldgallery.php) Remote File Upload Vulnerability

Exploit for unknown platform in category web applications ================================================================== WeBid 0.7.3 RC9 upldgallery.php Remote File Upload Vulnerability ==================================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/11/18 12:0 a.m.346 views

PHP Easy Downloader <= 1.5 (save.php) Remote Code Execution Exploit

Exploit for unknown platform in category web applications =================================================================== PHP Easy Downloader +------------------------------------------------------------------------------------------- + Details: + PHP Easy Download by default installation...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/05/08 12:0 a.m.345 views

iboss Secure Web Gateway - Stored Cross-Site Scripting Vulnerability

Exploit Title: iboss Secure Web Gateway - Stored Cross-Site Scripting XSS Exploit Author: modrnProph3t Vendor Homepage: https://www.iboss.com Version: userName=TEST&x=TEST&action=login&redirectUrl= 3. Insert XSS payload into the "redirectUrl" parameter Example of request with inserted payload: PO...

6.1CVSS7.4AI score0.22002EPSS
Exploits4
Total number of security vulnerabilities5000