Twenty Year Anniversary
Showing 1 - 25 of 15,551 RSS Feed

XSS Files

RSA Archer 6.x Cross Site Scripting / Authorization Bypass
Posted Jul 20, 2018
Authored by Francesca Perrone, Donato Onofri | Site emc.com

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

tags | advisory, remote, web, javascript, xss, bypass
advisories | CVE-2018-11059, CVE-2018-11060
MD5 | 574ac49865a7a3a381903494b92d19f8
WordPress All In One Favicon 4.6 Cross Site Scripting
Posted Jul 19, 2018
Authored by Javier Olmedo

WordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13832
MD5 | 4e1fd052af536e388490d26a91809868
MyBB New Threads 1.1 Cross Site Scripting
Posted Jul 19, 2018
Authored by 0xB9

MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-14392
MD5 | ad2681c777df161b9e3674786e010194
Barracuda Cloud Control 7.1.1.003 Cross Site Scripting
Posted Jul 18, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda Cloud Control version 7.1.1.003 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ff2e83501f0a7393dc41facb92cd154f
Barracuda Cloud Control 3.020 Cross Site Scripting
Posted Jul 18, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda Cloud Control version 3.020 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f23473cf4a6e820950f67bcee0f9bdf1
Open-AudIT Community 2.1.1 Cross Site Scripting
Posted Jul 18, 2018
Authored by Ranjeet Jaiswal

Open-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11124
MD5 | 8d1bccdf395bdfdaa21807febf23168e
Debian Security Advisory 4246-1
Posted Jul 16, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4246-1 - Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.

tags | advisory, web, xss
systems | linux, debian
advisories | CVE-2018-0618
MD5 | 5da3a31476892b5c1ed2b5e50d884a97
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway XSS
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems are prone to multiple reflected and stored cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various servlets. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. Many versions are affected.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 4335daff61aee85b79cf9f7773893b4c
WordPress Job Manager 4.1.0 Cross Site Scripting
Posted Jul 16, 2018
Authored by Berk Dusunur, Selimcan Ozdemir

WordPress Job Manager plugin version 4.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 713677340126e577af82e0180131ad8f
OpenConext-EngineBlock 5.7.3 Cross Site Scripting
Posted Jul 13, 2018
Authored by Andrew Klaus

OpenConext-EngineBlock versions 5.7.0 through 5.7.3suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-1000611
MD5 | 0f69b9dff062062f1f42999854188322
Barracuda ADC 5.x Cross Site Scripting
Posted Jul 13, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda ADC version 5.x suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 99b253616567048a1e05557ba0af4897
RSA Identity Governance And Lifecycle Bypass / XSS
Posted Jul 12, 2018
Authored by Lukasz Plonka | Site emc.com

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.

tags | advisory, remote, web, arbitrary, javascript, xss, bypass
advisories | CVE-2018-1245, CVE-2018-1255
MD5 | 1a57d9533919b282096f7aa641a6e6a8
ASUS WRT-AC66U 3.x Cross Site Scripting
Posted Jul 11, 2018
Authored by Lawrence Amer | Site vulnerability-lab.com

ASUS WRT-AC66U version 3.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | aba480dfcc85355673312758589656c4
AT&T Bizcircle Cross Site Scripting
Posted Jul 11, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

AT&T Bizcircle suffered from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6af7e51a7e3f193603f050d6f1455865
Secutech DSL WR RIS 330 Cross Site Scripting
Posted Jul 11, 2018
Authored by Lawrence Amer | Site vulnerability-lab.com

Secutech DSL WR RIS 330 suffers from bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 17790cf345c66be4d62639d40e195a4f
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
Posted Jul 11, 2018
Authored by T. Weber | Site sec-consult.com

WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file upload
advisories | CVE-2018-12979, CVE-2018-12980, CVE-2018-12981
MD5 | f12e1bdd6ce0d40862c5cca1957f6a1a
Instagram Clone Script 2.0 Cross Site Scripting
Posted Jul 11, 2018
Authored by Borna Nematzadeh

Instagram Clone Script version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13849
MD5 | 0c815e52abb806819d20e05d3af573fc
Barracuda ADC 5.x Filter Bypass / Cross Site Scripting
Posted Jul 11, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda ADC versions 5.x suffer from filter bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4922f65cd11623f8f9e1265483337ccd
SeoChecker 1.9.2 Cross Site Scripting
Posted Jul 6, 2018
Authored by Ahmed Elhady Mohamed

SeoChecker Umbraco CMS plugin version 1.9.2 suffers from stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | a96d379727f9195ab3a19721905af0f2
Airties AIR5444TT Cross Site Scripting
Posted Jul 6, 2018
Authored by Raif Berkay Dincel

Airties AIR5444TT suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-8738
MD5 | 0dd6ee33fe368a4f8be66f74c0a28165
Subrion CMS 4.2.1 Cross Site Scripting
Posted Jul 6, 2018
Authored by Ismail Tasdelen

Subrion CMS version 4.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | c050d3f68c4691a99cbb80bb3bbb2b64
Debian Security Advisory 4239-1
Posted Jul 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4239-1 - Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

tags | advisory, web, xss
systems | linux, debian
advisories | CVE-2018-1000528
MD5 | 56086d082ca5d123804f4ef1df3e16f2
ModSecurity 3.0.0 Cross Site Scripting
Posted Jul 3, 2018
Authored by Adipta Basu

ModSecurity version 3.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13065
MD5 | 81b262867ce165967872ed711dea1794
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
Posted Jul 2, 2018
Authored by Secator, Michael Reizelman, Antonio

OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2018-9997, CVE-2018-9998
MD5 | b4faef1ad16b321741447e57a22a0b31
extjs getTip() Cross Site Scripting
Posted Jul 2, 2018
Authored by Daniel Fritsch

extjs versions prior to 6.6.0 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-8046
MD5 | 6918d7270bd31d8743adad33428062bc
Page 1 of 623
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    1 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close