Title: FIBARO System Home Center v5.021 Remote File Include XSS Advisory ID: ZSL-2020-5563 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 22.03.2020SummaryImagine that you live in a house where everything happens by itself.FIBARO Smart Home take

Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x and 8.7.x that address two XSS vulnerabilities that affect the CKEditor library. CKEditor is the far superior successor of FCKeditor, it i

The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library.CKEditor is a popular open source WYSIWYG editor that is highly configurable and has hundreds of features. Drupal uses CKEditor and it has decided to update it to vers

Hello,Please find a text-only version below sent to security mailing lists.The HTML version on "Multiple vulnerabilities found in Zyxel CNMSecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html=== text-version of the advisory ===-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512## Advisory

Hi FD,I am glad to present a new release of this tool: - https://xsser.03c8.net---------"Cross Site "Scripter" (aka XSSer) is an automatic -framework- todetect, exploit and report XSS vulnerabilities in web-basedapplications. It provides several options to try to bypass certainfilters and various special techniques for code injection."--

byDanny BradburyThousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the popular WordPress ecommerce system WooCommerce.Researchers at NinTechNet found a vulnerability in the WordPress Flexible

MITREid Connect OpenID-Connect-Java-Spring-Server<https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server> version1.3.3 and earlier is vulnerable to Cross-Site Scripting; the users name isincluded in *topbar.tag* and *header.tag* without being sanitized. A usercan set their name to a value like:Test</script><script>alert(1)<

SEC Consult Vulnerability Lab Security Advisory < 20200225-0 >======================================================================= title: Multiple Cross-site Scripting (XSS) Vulnerabilities product: PHP-Fusion CMS vulnerable version: 9 - 9.03 fixed version: 9.03.30 CVE number: - impact: Medium

byDanny BradburyA popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to cookie-stealing cross-site scripting (XSS) attacks.The GDPR Cookie Consent plugin, created by WebToffee, claims over 700,000 users. The plug-in is a notification app that begs you to accept cookies when you first visi

Title: Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS Advisory ID: ZSL-2020-5561 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 28.01.2020SummaryFifthplay is a Belgian high-tech player and a subsidiary of Niko Gr

Title: WEMS Enterprise Manager 2.58 (email) Reflected XSS Advisory ID: ZSL-2019-5551 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 29.12.2019SummaryWEMS Enterprise Manager is a centralised management and monitoringsystem for many WEMS equipped

Title: Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Advisory ID: ZSL-2019-5543 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 30.11.2019SummaryCarlo Gavazzi is an international company that develops, manufacturesand sells elec

A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months ago to Gmail.The dynamic email feature, also known as Accelerated Mobile Pages (AMP) for email or AMP4Email, enables the use of dynamic HTML content in emails, allowing users to conduct various tasks dir

SEC Consult Vulnerability Lab Security Advisory < 20191014-0 >======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: <= 9.0.3, <=10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium

Document Title===============Reflected XSS via `Broken Link Checker` v.1.11.8 WordPress plugin.Product Description===============Broken Link Checker will monitor your blog looking for broken links and letyou know if any are found.Homepage: https://managewp.com/WordPress Plugin: https://wordpress.org/plugins/broken-link-checker/PoC===============1) Login to y