[CVE-2016-9891] Dotclear – XSS Vulnerability in Version 2.10.4

Product Information:
Software: Dotclear
Tested Version: 2.10.4, released 02.11.2016
Vulnerability Type: Cross-Site Scripting (CWE-79)
Description: The project’s purpose is to provide a user-friendly tool allowing anyone to publish on the web, regardless of their technical skills. (copied from https://dotclear.org/about#undefined)
Vulnerability description: There is an XSS vulnerability in


[CVE-2016-9681] Serendipity CMS – XSS Vulnerability in Version 2.0.4

Product Information:
Software: Serendipity CMS
Tested Version: 2.0.4, released 26.09.2016
Vulnerability Type: Cross-Site Scripting (CWE-79)
Download link: https://github.com/s9y/Serendipity/releases/tag/2.0.4
Description: Serendipity is a PHP-powered weblog engine which gives the user an easy way to maintain a blog. While the default package is designed for the casual blogger,


[CVE-2015-2289] Serendipity CMS – XSS Vulnerability in Version 2.0

Product Information:
Software: Serendipity CMS
Tested Version: 2.0, released 23.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79)
Download link: http://www.s9y.org/12.html
Description: Serendipity is aimed to make everything possible you ever wish for. It is technically up to par to other well-known weblog scripts like Moveable Type or WordPress. (copied


[CVE-2015-2082] UNIT4 Prosoft HRMS XSS Vulnerability

# Vulnerability type: Cross-site Scripting
# Vendor: http://www.unit4.com/
# Product: UNIT4 Prosoft HRMS
# Product site: http://www.unit4apac.com/products/prosofthrms
# Affected version: 8.14.230.47
# Fixed version: 8.14.330.43
# Credit: Jerold Hoong & Edric Teo

# PROOF OF CONCEPT

The login page of UNIT4’s Prosoft HRMS is vulnerable to cross-site scripting.

POST /Login.aspx?ReturnUrl=%2fCommon%2fBroadcastMessageDisplay.aspx%3fUrlReferrerCode%3d&UrlReferrerCode HTTP/1.1
Accept: text/html, application/xhtml+xml, */*


BEdita CMS – XSS and CSRF Vulnerability in Version 3.5.0

Product Information:
Software: BEdita CMS
Tested Version: 3.5.0, released 19.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79) & Cross-Site Request Forgery, CSRF (CWE-352)
Download link: [http://www.bedita.com/download-bedita](http://www.bedita.com/download-bedita)
Description: A software to create, manage content and organize it with semantic rules. (copied from [http://www.bedita.com/what-is-bedita](http://www.bedita.com/what-is-bedita))
Issues:
1) XSS in newsletter
