Title: Selea Targa IP OCR-ANPR Camera Remote Stored XSS Advisory ID: ZSL-2021-5614 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 21.01.2021SummaryIP camera with optical character recognition (OCR) software for automaticnumber plate recognition

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA.Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project.Apache Velocity i

The admin console's event viewer displays logged event data inside of <pre></pre> tags. An attack string like "</pre><script>alert('hi')</script>" in any place across Enterprise Search that will cause an error, like instead of a number or for the username on the login page or through the new Federated Au

Rocket.Chat has quietly fixed a stored XSS vulnerability in the followingcommits:https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021chttps://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9Exploitation of this vulnerability is very straightforward by manipulatinga message attachment to con

Title: Reflected XSS Product: WordPress DirectoriesPro Plugin by SabaiApps Vendor Homepage: https://directoriespro.com/ Vulnerable Version: 1.3.45 Fixed Version: 1.3.46 CVE Number: CVE-2020-29303 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-11-26 Disclosed to Vendor2020-11-27 Vendor releases patched ve

Title: Self-reflected XSS Product: WordPress DirectoriesPro Plugin by SabaiApps Vendor Homepage: https://directoriespro.com/ Vulnerable Version: 1.3.45 Fixed Version: 1.3.46 CVE Number: CVE-2020-29304 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-11-26 Disclosed to Vendor2020-11-27 Vendor releases patch

Title: Stored cross-site scripting (XSS) Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 (Cloud) 11.2.1 (On-premise) Fixed Version: 12.0.23 (Cloud) 11.4.10 (On-premise) CVE Number: CVE-2020-28857 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com

Title: Reflected cross-site scripting (XSS) Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 (Cloud) 11.2.1 (On-premise) Fixed Version: 12.0.22 (Cloud) 11.4.10 (On-premise) CVE Number: CVE-2020-28859 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.

Dear Team,Please find attached POC and detailed information about the stored XSS.# Exploit Title: online bus booking system project using PHP MySQL - Storedcross-site scripting# Exploit Author: Krishna Yadav# Vendor Homepage: https://www.sourcecodester.com# Software Link:https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysq

Security expert disclosed technical details about a wormable, cross-platform flaw in Microsoft Teams that could allow stealth attacks. Security researcher Oskars Vegeris from Evolution Gaming has published technical details on a wormable, cross-platform vulnerability in the business communication platform Microsoft Teams. The flaw is a cross-site scrip

TikTok has addressed a couple of security issues that could have been chained to led account takeover.  The first issue addressed by the social media platform is a reflected XSS security flaw that has been reported by the bug bounty hunter Muhammed “milly” Taskiran via the bug bounty platform HackerOne. The Cross-Site-Scripting flaw affecte

Recently, I had a brief look at the Froala WYSIWYG HTML Editor (v3.2.0) as there was a post about it on the Full Disclosure mailing list. When targeting a HTML Editor, I guess one of the first things that everybody does is to check for XSS vulnerabilities. So I tried the usual XSS payloads (a great resource for XSS payloads is the XSS cheat sheet by PortSwig

## About Fancy Product Designer for WooCommerceFancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales.## Stored XSS via SVG uploadFancy Product Designer for WooCommerce

Cross-Site Scripting (XSS) issues are the most common vulnerabilities that received the highest amount of rewards on the HackerOne vulnerability reporting platform. Cross-Site Scripting (XSS) is the most common vulnerability type and received the highest amount of rewards on the HackerOne vulnerability reporting platform. XSS vulnerabilities accounted

This year, Cross-Site Scripting (XSS) continued to be the most common vulnerability type and received the highest amount of rewards on HackerOne, the hacker-powered vulnerability reporting platform says.In a report published this week, HackerOne reveals that XSS flaws accounted for 18% of all reported issues, and that the bounties companies paid for these bu