
CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, CWE-79, CAPEC-86, Full Disclosure

Persistent Backend-XSS CVE-2012-1503 Movable Type Pro 5.13en. Keywords: Web Application Security, Cross-Site Scripting (XSS), Movable Type 5.13en, Stored XSS, CWE-79, CAPEC-86, Vendor Unresponsive, Full Disclosure, CVE-2012-1503. Bounty: The XSS.Cx Anti-Phishing Project paid 1250 Euros to Anonymous. Introduction: Movable Type (MT) started as one of the industry's first blogging platforms and has developed into an industry […]

CVE-2012-1500, JIRA, GreenHopper, Stored XSS, CWE-79, CAPEC-19, Resolved

CVE-2012-1500 | GHS-5375 | GHS-5642 | XSS-2012-1500 Persistent (Stored) XSS, JIRA v4.4.3#663-r165197 GreenHopper – Resolved in Version 5.9.8, CWE-79, CAPEC-19. Published: 9/3/2012. Keywords: Web Application Security, Web, Cross-Site Scripting (XSS), Private Bug Report, JIRA, Atlassian, CWE-79, CAPEC-19, Stored XSS, Cross Site Request Forgery (CSRF), XSS.CX, Vulnerability Rewards Program, Security Content Automation Protocol (SCAP), Virtual Scripted Attacker (VSA). Reward: 1250 Euro […]

CVE-2011-4763, Plesk Site Editor, CPanel 10.2.x, XSS, SQL Injection, CVE-2011-4764, CVE-2011-4765, CVE-2011-4766, CVE-2011-4767, CVE-2011-4768

############################################################# # Vendor: Plesk Small Business Manager 10.2 + Site Editor # URL: http://www.parallels.com/products/small-business-panel/ # Date: 2010-09-17 # Author: Hoyt LLC – http://xss.cx # Home: http://cloudscan.me # Bug: Cross Site Scripting + SQL Injection # Tested on: Plesk Small Business Manager 10.2.0 // Windows 2008 /64/R2 # Disclosure: Uncoordinated # CVE IDs: CVE-2011-4763 […]

CVE-2011-5020, Online TV Database, SQL Injection, CWE-89, CAPEC-66

CVE-2011-5020, Online TV Database, SQL Injection, CWE-89, CAPEC-66. Source URL: http://sourceforge.net/projects/tvdb/ Bug: SQLi in Id Parameter. Application Description: “A web/XML interface and database schema for managing TV series information and user-submitted graphics. Will be interfaced by a number of HTPC plugins and software. Currently used by plugins for Meedio, Media Portal, and XBox Media Center”. “The API is currently […]

Stored DOM XSS, icloud.com, Javascript Injection, jQuery 1.7.2, User Agent Exploitation, May 2013

TL;DR In May 2013 XSS.Cx reported Stored XSS in www.icloud.com and all related applications due to the execution of the Javascript Protocol Handler. The Root Cause of the Issue was using Notes to inject the Code and then a Browser to View the Exploit. An Attacker could craft a malicious Note and then Share the […]

XSS, LFI, Linksys E4200 Firmware, 0D

XSS, LFI in Cisco, Linksys E4200 Firmware: CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682, CVE-2013-2683, CVE-2013-2684. Keywords: XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Cisco, Linksys, E4200, Wireless Router, cyberTAN Corp. Credits: http://xss.cx/ Summary: Reflected XSS + LFI Bugs in the Cisco, Linksys E4200 Wireless Router Firmware Version: 1.0.05 build 7 were […]

XSS, Javascript Injection, Brother MFC-9970CDW Printer Firmware L, 0D

Brother MFC-9970CDW Printer Firmware: CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676. Keywords: XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW. Summary: A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered during a PenTest in […]