[CVE-2016-9891] Dotclear – XSS Vulnerability in Version 2.10.4

Product Information:
Software: Dotclear
Tested Version: 2.10.4, released 02.11.2016
Vulnerability Type: Cross-Site Scripting (CWE-79)
Description: The project’s purpose is to provide a user-friendly tool allowing anyone to publish on the web, regardless of their technical skills. (copied from https://dotclear.org/about#undefined)
Vulnerability description: There is an XSS vulnerability in

[CVE-2016-9681] Serendipity CMS – XSS Vulnerability in Version 2.0.4

Product Information:
Software: Serendipity CMS
Tested Version: 2.0.4, released 26.09.2016
Vulnerability Type: Cross-Site Scripting (CWE-79)
Download link: https://github.com/s9y/Serendipity/releases/tag/2.0.4
Description: Serendipity is a PHP-powered weblog engine which gives the user an easy way to maintain a blog. While the default package is designed for the casual blogger,

[CVE-2015-2289] Serendipity CMS – XSS Vulnerability in Version 2.0

Product Information:
Software: Serendipity CMS
Tested Version: 2.0, released 23.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79)
Download link: http://www.s9y.org/12.html
Description: Serendipity is aimed to make everything possible you ever wish for. It is technically up to par to other well-known weblog scripts like Moveable Type or WordPress. (copied

[CVE-2015-2082] UNIT4 Prosoft HRMS XSS Vulnerability

# Vulnerability type: Cross-site Scripting
# Vendor: http://www.unit4.com/
# Product: UNIT4 Prosoft HRMS
# Product site: http://www.unit4apac.com/products/prosofthrms
# Affected version: 8.14.230.47
# Fixed version: 8.14.330.43
# Credit: Jerold Hoong & Edric Teo
# PROOF OF CONCEPT
The login page of UNIT4’s Prosoft HRMS is vulnerable to cross-site scripting.
POST /Login.aspx?ReturnUrl=%2fCommon%2fBroadcastMessageDisplay.aspx%3fUrlReferrerCode%3d&UrlReferrerCode HTTP/1.1
Accept: text/html, application/xhtml+xml, */*

[CVE-2015-1583] ATutor LCMS – CSRF Vulnerability in Version 2.2

Product Information:
Software: ATutor LCMS
Tested Version: 2.2, released 25.8.2014
Vulnerability Type: Cross-Site Request Forgery, CSRF (CWE-352)
Download link: http://atutor.ca/atutor/download.php
Description: ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. (copied from http://www.atutor.ca/credits.php#whatatutor)
Issues: 1) CSRF in
