Sign in to admin and look for the etemplates page (/studio/polyglot.php?page=etemplates)! Click Emails and edit the templates! Inject the JavaScript code into the System Name field!
A persistent XSS vulnerability was discovered in BSI Advance Hotel Booking System V2.0. An attacker can inject malicious JavaScript code into the 'title' parameter of the 'booking_details.php' page via a POST request. This code will be executed in the browser of any user who visits the page.
A SQL injection vulnerability exists in the Joomla! component com_jssupportticket in the file admin/models/userfields.php. The vulnerable code is in line 441, where user input is not properly sanitized before being used in a SQL query. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database.
Adive Framework 2.0.7 and possibly before are affected by Cross-Site Request Forgery vulnerability, an attacker could change any user password.
A vulnerability in the Joomla! component com_jssupportticket allows an attacker to download arbitrary files from the server. This is due to the lack of proper input validation in the getDownloadAttachmentByName() function in the file admin/models/ticket.php. An attacker can craft a malicious URL to download any file from the server.
This module exploits the file upload vulnerability of baldr malware panel.
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via tools/sourceViewer/index.html?filename=../ URI. To exploit this vulnerability an attacker must have access to the Aptana Jaxer web application. The Samples and Tools page will have the wikilite demo. After opening the wikilite demo the source code can be viewed by clicking the html button and selecting 'Wikilite source code'. This leads to http://server:8081/aptana/tools/sourceViewer/index.html?filename=../../samples/wikilite/index.html. by using directory traversal in the filename parameter a remote attacker can access internal files on the server.
This exploit allows an attacker to delete an income record from the Daily Expense Manager application. The attacker can craft a malicious HTML page with a form that submits a POST request to the homeedit.php page with the delincome parameter set to the ID of the income record they wish to delete. When a user visits the malicious page, the POST request will be sent and the income record will be deleted.
Open-School 3.0, and Community Edition 2.3, allows XSS via the /index.php?r=students/guardians/create id parameter. An attacker can inject malicious JavaScript code into the id parameter, which will be executed when the page is loaded.
The PresentationAvailabilityState::UpdateAvailability() function in Chromium contains a use-after-free vulnerability. This vulnerability occurs when the `AvailabilityChanged` function is called on an observer that has been removed from the `availability_observers` list. An attacker can exploit this vulnerability by creating a malicious webpage that calls the `PresentationRequest` API and then removes the iframe containing the request. This will cause the `AvailabilityChanged` function to be called on an observer that has been removed from the `availability_observers` list, resulting in a use-after-free vulnerability.
Services By CQR