
XSS Files

Red Hat Security Advisory 2022-4711-01
Posted May 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2021-23425, CVE-2021-33502, CVE-2021-3807, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184
SHA-256 | 70a0314e856faa7850385f954bd0bc6cedffe891f62a92cecd6f1fc993396b7a
Exploiting Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.

tags | paper, protocol, xss
systems | cisco
SHA-256 | 1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

In this whitepaper, the author demonstrates that abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE, allowing an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.

tags | paper, protocol, xss
SHA-256 | 4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
LiquidFiles 3.4.15 Cross Site Scripting
Posted May 19, 2022
Authored by Rodolfo Tavares | Site tempest.com.br

LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-30140
SHA-256 | 64fb0fffa85d330dbc47f539a594fa8fcad4c9362b419983c93474d08ba4e151
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
Posted May 19, 2022
Authored by Rodolfo Tavares | Site tempest.com.br

PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2021-46426
SHA-256 | 050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893
Red Hat Security Advisory 2022-4623-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4623-01 - This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.

tags | advisory, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2021-22569, CVE-2021-29427, CVE-2021-29428, CVE-2021-29429, CVE-2021-3914, CVE-2021-43797, CVE-2022-0981, CVE-2022-21363, CVE-2022-21724
SHA-256 | 10e69ee091e2e078b2a41e7bbc107daf8c4ce083633ded9691b8ec2b700362a5
Red Hat Security Advisory 2022-2205-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2205-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2022-29036, CVE-2022-29041, CVE-2022-29046, CVE-2022-29047
SHA-256 | b98a768eae366cfdc727a202d36f9144a38ee93a1d91c74cb2410b0dd3974ebc
Emby Media Server 4.7.0.60 Cross Site Scripting
Posted May 18, 2022
Authored by Yehia Elghaly

Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 256376262a49c057629921be5beec6fce54d72865c495c12b211bc4fb22ecfaa
Showdoc 2.10.3 Cross Site Scripting
Posted May 17, 2022
Authored by Akshay Ravi

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0967
SHA-256 | 9794c5dc51ff960938f2de93bd6a7f9916dd3f208482681592b1d965acd7691a
T-Soft E-Commerce 4 Cross Site Scripting
Posted May 17, 2022
Authored by Alperen Ergel

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a38f9872c25051fb5d40689975a5a643292512cac28208caeaa677228ed3e251
Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting
Posted May 17, 2022
Authored by Pankaj Kumar Thakur

Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-29727
SHA-256 | afd7b7d6dc71690c8e9b74e168637e22184d16b38d583b0e4f0fc7f27fe83aad
WordPress WP Event Manager 3.1.27 Cross Site Scripting
Posted May 16, 2022
Authored by Mariam Tariq

WordPress WP Event Manager plugin version 3.1.27 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cb5312a73f5b91f714b3b64a7d4a985e9b27b678feeae51e27a65c49cef79597
Red Hat Security Advisory 2022-1823-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1823-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Issues addressed include cross site scripting and open redirection vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2021-32786, CVE-2021-32791, CVE-2021-32792, CVE-2021-39191
SHA-256 | f239b6509c167d4f0fb694e9c49ad2a7197e2d9f0765f51fcc0f6869179992dc
Cyclos 4.14.7 Cross Site Scripting
Posted May 11, 2022
Authored by Tin Pham

Cyclos version 4.14.7 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2021-31673, CVE-2021-31674
SHA-256 | e710f333bbcaeaac9f58dbc1a7e5505dde0018fe2fe7af025485b2f1b8973bd5
Red Hat Security Advisory 2022-1777-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1777-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2021-30809, CVE-2021-30818, CVE-2021-30823, CVE-2021-30836, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-45481, CVE-2021-45482, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590
SHA-256 | 1b42edcf15bc395449a2f06f7c24ba1c5002c9b86ced5974af0fc8fe1f4ffeb1
e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting
Posted May 11, 2022
Authored by Hubert Wojciechowski

e107 CMS version 3.2.1 suffers from cross site scripting and arbitrary file upload vulnerabilities that can allow for a shell upload.

tags | exploit, arbitrary, shell, vulnerability, xss, file upload
SHA-256 | 3ae8caceae21f93d20493507ca607ad9781c300dc643e858c7c2ac8aa48b23b5
PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting
Posted May 5, 2022
Authored by Andrea Intilangelo

PHProjekt PhpSimplyGest and MyProjects version 1.3.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-27308
SHA-256 | 683da3b4055369ad271be51cb81dbf94818591a437064ded4119628be26cc697
WordPress Stafflist 3.1.2 Cross Site Scripting
Posted May 3, 2022
Authored by Hassan Khan Yusufzai

WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 74269ba0f910606e9499b4b87b6ba8ea243f907c7743fde42c4af10707d6f9da
Ubuntu Security Notice USN-5394-1
Posted Apr 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5394-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-22624
SHA-256 | 4d28ba4ec65abbd647ce541d3f35e56b233b7e97e1369456b0e2db59766b5636
WordPress Curtain 1.0.2 Cross Site Scripting
Posted Apr 27, 2022
Authored by Hassan Khan Yusufzai

WordPress Curtain plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dd409ca511bc0a28d91f8a872afb7a264e5d4cb727f4f0e12c12e46b3f19e402
WordPress Coru LFMember 1.0.2 Cross Site Scripting
Posted Apr 26, 2022
Authored by Mariam Tariq

WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 74b9ec56ae316f5978465b98643c80e1a1217fc29f5dac8d5a1a8f0f73c876b9
Gitlab 14.9 Cross Site Scripting
Posted Apr 26, 2022
Authored by stacksmashing, Greenwolf

Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-1175
SHA-256 | 8cb78a3472e539403d6d39fd3ad3b5fdeb25087820f659a117ceeeb4ad1a58b6
WordPress WP-Invoice 4.3.1 Cross Site Scripting
Posted Apr 26, 2022
Authored by Mariam Tariq

WordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1198ae90a0a19ceea8037a4ba1f3a90e0f447c7505ff7bf4fad7fd12b756e2b3
WordPress ScrollReveal.js Effects 1.1.1 Cross Site Scripting
Posted Apr 25, 2022
Authored by Mariam Tariq

WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f800608c7b194924e95a7c7384d8c6cfc72b83e0e53783ec418dd1ccd53766ac
WordPress Popup Maker 1.16.5 Cross Site Scripting
Posted Apr 19, 2022
Authored by Roel van Beurden

WordPress Popup Maker plugin version 1.16.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dee276834c2f22c859c03de891f52e084ba8a1b053932c41a024857eb60f17be
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close