Tag
#xss
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.
Bug spawned by parsing problem in upstream package
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability.
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page.
Categories: Explained Categories: News Tags: Fuzzing Tags: fuzz testing Tags: memory leaks Tags: runtime errors Tags: race conditions Tags: control flow error Tags: memory allocation Tags: buffer overflow Fuzzing is an automated software testing method that uses a wide range of invalid and unexpected data as input to find flaws. (Read more...) The post Explained: Fuzzing for security appeared first on Malwarebytes Labs.