Tag
#xss
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.
Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.
Joomla JLex GuestBook extension version 1.6.4 suffers from a cross site scripting vulnerability.