Stored Cross Site Scripting (Stored XSS) Vulnerability is found in the file upload functionally under the create asset section.
This exploit allows an attacker to inject malicious JavaScript code into the web application, which is then executed by the victim's browser. The exploit is triggered when the user browses to the 'Bookings' page and selects 'All Bookings'. They can then edit a booking and enter a payload in the 'Promo Code' field. The payload in this case is 'TEST"><script>alert(`XSS`)</script>'. When the form is submitted, the payload is stored in the database and later displayed on the 'Bookings' page, resulting in the execution of the malicious script.
The Zomplog v3.9 application is vulnerable to cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious code into the 'title' parameter of the POST request. This can lead to the execution of arbitrary JavaScript code in the context of the victim's browser.
This exploit allows an attacker to execute arbitrary code remotely in zomplog version 3.9. By manipulating the 'html' parameter, the attacker can inject PHP code to read the '/etc/passwd' file. This allows unauthorized access to sensitive system information.
Keeper Security Password vault Desktop application and Browser Extension stores credentials in plain text in memory. This can persist after logout if the user has not explicitly enabled the option to 'clear process memory'. As a result of this one can extract credentials & master password from a victim after achieving low priv access. This does NOT target or extract credentials from the affected browser extension (yet), only the Windows desktop app.
A CSV Injection vulnerability in the RosarioSIS web application with version 10.8.4 allows malicious users to execute malicious payload in csv/xls and redirect authorized user to malicious website.
The Perch CMS version 3.2 is vulnerable to a stored XSS attack. By uploading a specially crafted SVG file, an attacker can execute arbitrary JavaScript code in the context of the victim's browser.
This exploit allows remote code execution in Perch CMS v3.2. By uploading a specially crafted PHP file, an attacker can execute arbitrary commands on the target system.
Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions.
The vulnerability laboratory core research team discovered multiple persistent cross site vulnerabilities in the PaulPrinting (v2018) cms web-application.
Services By CQR