Category: Stored XSS

CVE-2013-6853: Stored XSS in Y! Toolbar DOM for FireFox on MAC V3.1 + Windows V2.5 Resolved

CVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox on MAC Version 3.1.0.20130813024103 and Windows Version 2.5.9.2013418100420. Resolved. Published January 14, 2014 on XSS.Cx by Hoyt LLC. Date: November 11, 2013. Author: Hoyt LLC, http://xss.cx/. A local Stored XSS via Code Injection in Y! Toolbar DOM for FireFox on MAC Version 3.1.0.20130813024103 and […]

CVE-2013-1034, Stored XSS, XXE, OS X Server v2.2.1, APPLE-SA-2013-09-17-1, HTML Injection, JSON XSS, Stored DOM XSS, SQL Injection

CVE-2013-1034 Summary. Last Updated 18/9/2013 @ 1800 GMT. APPLE-SA-2013-09-17-1 was released on September 17, 2013 to address multiple bugs in OS X Server 2.2.1 (163), collabd, reported to Apple Product Security on April 17, 2013. Keywords: CVE-2013-1034, Cross-Site Scripting, Apple, APPLE-SA-2013-09-17-1, CWE-79, CAPEC-86, CWE-611, OS X Version 2.2.1, DoS, Crash, CAPEC-66, Colladb, Ruby on Rails, PostgreSQL. Impact: CVSS Severity (version 2.0): CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N). Impact Subscore: 2.9. Exploitability Subscore: 8.6. CVSS […]

CVE-2012-1903, Stored XSS, Javascript Injection, Telligent Community 5.6.583.20496

Telligent Community 5.6.583.20496 (Build: 5.6.583.20496). CVE-2012-1903. Persistent Flash XSS. Keywords: Security, Web, Cross-Site Scripting, Private Bug Report, Dell, Community, Adobe Flash, Telligent, EoL, No Fix. The affected platform is based on the third-party community software Telligent Community 5.6.583.20496 (Build: 5.6.583.20496). The current release is Community 7.x and was not tested; Version 5 is EoL. Introduction: Telligent Community is […]

CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, CWE-79, CAPEC-86, Full Disclosure

Persistent Backend-XSS, CVE-2012-1503, Movable Type Pro 5.13en. Keywords: Web Application Security, Cross-Site Scripting (XSS), Movable Type 5.13en, Stored XSS, CWE-79, CAPEC-86, Vendor Unresponsive, Full Disclosure, CVE-2012-1503. Bounty: The XSS.Cx Anti-Phishing Project paid 1250 Euros to Anonymous. Introduction: Movable Type (MT) started as one of the industry's first blogging platforms and has developed into an industry […]

CVE-2012-1500, JIRA, GreenHopper, Stored XSS, CWE-79, CAPEC-19, Resolved

CVE-2012-1500 | GHS-5375 | GHS-5642 | XSS-2012-1500. Persistent (Stored) XSS, JIRA v4.4.3#663-r165197 GreenHopper – Resolved in Version 5.9.8. CWE-79, CAPEC-19. Published: 9/3/2012. Keywords: Web Application Security, Web, Cross-Site Scripting (XSS), Private Bug Report, JIRA, Atlassian, CWE-79, CAPEC-19, Stored XSS, Cross Site Request Forgery (CSRF), XSS.CX, Vulnerability Rewards Program, Security Content Automation Protocol (SCAP), Virtual Scripted Attacker (VSA). Reward: 1250 Euro […]