jetlib.sec » Tags » xss

Feeds

133445 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

1059 items tagged "xss"

Related tags: cross site scripting [+], microsoft [+], sql [+], forgery [+], code [+], sql injection [+], rich lundeen [+], jesse ou [+], injection [+], indiana jones 4 [+], indiana [+], hpsbmu [+], edge cases [+], apache [+], widget [+], whitepaper [+], web interface [+], usa [+], stored [+], session fixation [+], sap [+], mutiple [+], library [+], internet [+], dom [+], chaos communication congress [+], day [+], htb [+], vulnerability [+], xml entity [+], wordpress plugin [+], wishlist [+], wiki [+], vanilla [+], utm [+], upload [+], travis rhodes [+], table overview [+], table [+], swdesk [+], shell [+], pr10 [+], ocs inventory [+], ocs [+], movistar [+], module versions [+], module [+], mandriva linux [+], library versions [+], inventory [+], internet explorer [+], firewall [+], endian [+], drupal [+], database [+], cross [+], creation vulnerability [+], chile [+], arbor networks [+], application [+], apache 2 [+], account creation [+], bugtraq [+], year and four months [+], yaws [+], writing secure code [+], winn guestbook [+], twiki [+], tinywebgallery [+], tinyguestbook [+], time authors [+], tiki wiki [+], tiki [+], tag [+], street fight [+], sourcebans [+], slides [+], sleeping giant [+], site [+], shah tags [+], security appliance [+], ryan c. barnett [+], rule [+], rich internet [+], ria [+], report management [+], reflected [+], raghav [+], presistent [+], php [+], persistent [+], peakflow [+], patch [+], owasp [+], oracle [+], notification [+], ngs [+], networks [+], lms [+], lazyest [+], knowledgetree [+], kicking [+], javascript content [+], hat europe [+], groupware [+], google [+], ghosts [+], future [+], external resources [+], explorer [+], exploitation [+], europe [+], ensino [+], dominant creature [+], disclosure [+], directory [+], demonstration page [+], deadly cocktail [+], cve [+], cart [+], bypassing [+], bugzilla [+], browser game [+], browser [+], billy rios [+], authors [+], ariadne [+], amp [+], ajax [+], account [+], abu dhabi [+], multiple [+], security bulletin [+], webapps [+], security [+], zikula [+], xoops [+], wp stats dashboard [+], wikyblog [+], wikiwig [+], wicket [+], webspell [+], website manager [+], websense [+], webmin [+], webid [+], web security [+], web poll [+], web conferencing [+], warns [+], vitalogyweb [+], viscacha [+], virus scan [+], virus [+], viewer [+], video [+], vfront [+], version 6 [+], vbseo [+], user [+], uploadify [+], uc web [+], triton [+], thomson [+], syndeocms [+], sphinix [+], spacenuke [+], socialgrid [+], smartermail [+], simpliscms [+], simple chat [+], simple [+], servicedesk [+], serendipity [+], selectapix [+], secure [+], school [+], sasha [+], sap netweaver [+], safer use [+], s r [+], router [+], rev [+], response management system [+], reflective [+], redmine [+], rc5 [+], rapidleech [+], protocol handler [+], privilege [+], postcards [+], post [+], podcast [+], plone [+], phpgraphy [+], phpcollab [+], phpalbum [+], php guestbook [+], paper [+], page [+], oneorzero [+], novel techniques [+], next [+], newscoop [+], news [+], netweaver [+], netwaver [+], net [+], mobile web server [+], mitel [+], mingle [+], mibew [+], metasploit [+], messenger [+], mercury [+], maui [+], matthew [+], management homepage [+], manageengine [+], login [+], lknsupport [+], lightneasy [+], lifetype [+], lfi [+], kongreg [+], joomla [+], jakcms [+], ja programacao [+], iwantonebutton [+], interface [+], integration [+], insight manager [+], inline [+], information disclosure [+], information [+], inclusion [+], image gallery [+], http header [+], http [+], hp system [+], hp power [+], hide your [+], hesk [+], guestbook v2 [+], guestbook [+], glfusion [+], glassfish [+], ggb [+], gekko [+], gbook [+], framejammer [+], fortimail [+], fork [+], flexcms [+], flaw [+], flatpress [+], firstlastnames [+], filter internet [+], fcms [+], fast [+], fanupdate [+], eshop [+], escalation [+], eleanor cms [+], eleanor [+], edition [+], ebuddy [+], dotproject [+], dotclear [+], dominant [+], docuwiki [+], docuform [+], doc [+], discovered [+], directory traversal [+], directory listing [+], diafan [+], default [+], dashboard [+], dalbum [+], daily [+], cve request [+], cubecart [+], csrf [+], crystal reports [+], creature [+], core edition [+], compactcms [+], collabtive [+], clic [+], clansphere [+], chyrp [+], bmc [+], blogx [+], blind [+], black hat [+], bigace [+], baby [+], b xphone [+], axous [+], awc [+], authentication [+], atutor [+], attack patterns [+], asp [+], artur janc [+], archiva [+], apprain [+], application authors [+], aims [+], Topics [+], bulletin [+], vulnerabilities [+], security vulnerabilities [+], web [+], hpsbma [+], cms [+], zyxel, zoph, zomplog, zaki cms, zaki, youtube, yektaweb, yahoo, xtcommerce, xplico, x cms, www, wscms, worm, wordpress, wmscms, wms, wireless router, wiccle, whois, whizzy, websmart, website, webshop, webnetwork, webmatic, webmanager, webmail, webit, web worm, web suite, web server, web help, web builder, web brand, wcm, washington university in st louis, washington, warszawa, wampserver, vulnerability audit, vul, vpn, vodu, vodpod video, vodpod, vodafone, virtual keyboard, virtual, vindsl, videowhisper, videosearchscript, videodb, video gallery, video chat, version, vecchi, vbulletin, variation, vam, utstats, usr, user agent, url, university, understanding, ultrabb, uloki, ubb threads, ubb, txt, twitter, tumblr, truc, trixbox, translate, trading, trade, trackwise, toronja, tornadostore, topsite, toolkit sdk, toolkit, token, tikiwiki, threadid, thingie, theeta, tgz, textpattern, tenable network security, tenable, template, teamaccess, tcms, tagcloud, system, swf, sweetrice, suzuki xss, suzuki, suspected, surgemail, sugarcrm, subversion, subrion, subject field, subdreamer, stumbleupon, studio, stealing, stats, st.louis, ssrt, ssl vpn, ssl, srl, squirrelmail, sqli, spitfire, spip, speed connection, speed, spectrum software, spectrum, sparta, spam, spaceacre, solveable, software index, softbiz, socialware, social networking, social, snews, sitename, siteminder, siteloom, simpnews, simpgb, silverstripe, siestta, siebel crm, siebel, shoutbox, shopzilla, shopping cart, shopping, shop, sharetronix, sharepoint server 2007, sharepoint, shaadiclone, sethi, server v4, server installations, server, security risk, security linux, security advisory, security advisories, securid, secure desktop, search module, search, sdk versions, sdk, scripts, scripting, script sql, script php, script, scribe, scratcher, scheda, sbd, saved, saurus cms, saurus, santafox, s mp3, ruubikcms, runcms, rumba, rscomments, rsa, ronny cms, ronny, rokin, rialto, rfi, revolution, reservations, repairshop, rent, remote, release candidate, referer header, redirection, rediff, recommend, read, rce, rc3, razorcms, rave, radius, radiant, quot quot, quot, quality center, quality, punbb, pulse, ptc, prtg, proper location, promotion, profile customization, portalapp, portal script, portal, polypager, polls, poll script, poll, poc, pmwiki, pluxml, plugin, pligg, platform version, platform, pixie, piwik, pishbini, ping tool, pimcore, phreebooks, phpwind, phpplanner, phpmysite, phpmyfaq, phpmyadmin, phpinfo, phpfaber, phpeppershop, phpbb, phpauthentadmin, php calendar, phonebook, pgautopro, persistant, persian, penetration testers, pecio, pdf, paysitereviewcms, paypal, parameter, paloalto, palo alto, paessler, ossim, oscommerce, os 6, orange uk, orange co, orange, oracle web server, oracle siebel, openjournalsystem, openemr, opencms, openclassifieds, onyx, online, onion, onepound, onecms, onapsis, ofbiz, oamp, npds, noscript, norton, ninkobb, ning, nikiara, nigi, nextgen, network vulnerability, network, netwin, netsolution, nct, nationalcybersecurity, myworks, mystic, mybb, mullti, mortgage, mollify, moha, modx, mobster, mobile interface, mobile chat, mobile, mkportal, milehigh, mihao, microsoft sharepoint server, microsoft sharepoint portal, micro, metric, metinfo, merchant v2, merchant, menu version, members area, members, media, mechbunny, mds, mblogger, maxdev, matthew flick tags, matrimonial, marketplace, marinet, mango, management center, management, mambo, malicious data, malformed, make, mail, mahyanet, made, macs, lokomedia, loja, lizzard, livestreet, livehelp, lisk, linux versions, lineacms, limny, lightsabre, leonardo, lenta, lantern, klonews, kleophatra, kitchen, kft, keyboard plugin, kconsulting, kasseler, kandidat, k search, juniper secure, juniper ive, jugando, jsupport, joomproperty, jobs, job, jira, jevents, jcomments, jcart, jaws, javascript, isecauditors, iprov, invoices, internet explorer 8, intelligent management, instantlink, insertion, input validation, infolink, index, incoming email, impresscms, imc, image, iboutique, ibm websphere portal, ibibo, hybrid web, html url, html, hp servers, hot links, hosting, horoscop, horde imp, horde, hijacking, hijack, hexjector, helpdesk, havij, harvard university, harvard, hackvertor, hacktics, hacking, habari, grandora, grafik, gpeasy, gmail, getsimple, gejosoft, gareth heyes, fusion, fusetalk forums, fusetalk, full disclosure, friendster, free website creator, free, fraud management, fraud, forumcms, forum version, forum php, forum, footbal, flock browser, flock, flick, flashcard, flash, fjallfoss, first entertainment, filter, filenice, file, festos, feb, fcgi bin, fccgov, faq, family guestbook, family, factory, facebook, ezodiak, exv, extreme, expression, exposes, exponent, exploit, evx, evuln, evasion, euchia, eswap, error details, ericsson, eocms, entrans, enterprise manager, enterprise, engine, encryption decryption, encryption, emihost, email, elxis, elms, elitecms, elite, elenco, elastix, eduardo vela, edit, eden, ecomat, ecocms, eazycms, easypublish, easyphotostore, easyjobportal, easygb, easycms, easycarportal, easybiller, easy, e107, e php, e business, dynamixgate, dvbbs, duhok, drupalmp, dreamsoft, dream factory, dotdefender, don ankney, dom based xss, dom based cross, dom based, dojo, documents section, docmint, docebo, doc base, dmxready, dlinkdi, dlink di 604, dlink, discuz, digital kitchen, digital, diferior, diem, dia, detecting, desktop, design, decryption, dcp portal, dbsite, dbhcms, daybiz, david lindsay, dating, datalife, dataface, darknet, damianov, dada, d link, d greinar, d cloud, cyclecms, cybsec, customization, customer portal, customer, customcms, cumulus, csice, cruxpa, cruxcms, cross site, croogo, creations, cpanel, cookie, content management system, content folder, content components, content, concrete, compucms, comptel, component version, component, community forum, commerce versions, commerce, comments, com, collabnet, cold fusion application, code execution, cmsmadesimple, cmsimple, cmscout, cisco secure, cisco, chklogin, chipmunk, chillycms, chilly, checker, chcounter, chat, character transformations, chaos, chained, cerberus, centrepiece, center, ceica, catphones, catalogo, captcha, candid, campsite, calendar versions, calendar, calculator version, calculator, cactushop, cacti, bypass, bxr, business web, business suite, builder, brand web, brand developers, box, blogbird, blog, bitweaver, bgs, beta6, beta1, beta, besso, bcaccount, bc component, bbsmax, bbcode, bbblog, bassanonet, bard, badoo, b2b trading, b2b marketplace, b marketplace, avarcade, auto classifieds, auto, authenticated, audio, auctions, atmail, atacimo, astrology, asterisk, astaro, asimple, arwscripts, article, artgk, arisg, ardguest, arcademsx, arcade, arabic, application framework, apple xss, apple itunes, apple, apphp, api software, apache axis2, answer, anonymous, ankney, angel lms, ane, and, analyticator, amortization calculator, amortization, amiro, amethyst, altconstructor, alpha2, alpha, allinta, alkakon, alfa 1, affiliate store, affiliate script, affiliate, aef, advisory, advisories, advanced, administrative section, add, acuity, activemq, active media, action parameter, action, acontent, achecker, access, abzarak, aardvark, Tools, Support, Software, Release, NON, General, Forums, FCC, ExploitsVulnerabilities, Community, BackTrack, 4site

• May 21, 2012
• 14:00

  [webapps / 0day] - Vanilla Forums About Me Plugin Persistant XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Vanilla Forums About Me Plugin Persistant XSS

  Tags:  vanilla day webapps xss  

• May 18, 2012
• 14:00

  [webapps / 0day] - Vanilla Forums LatestComment 1.1 Plugin Persistent XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Vanilla Forums LatestComment 1.1 Plugin Persistent XSS

  Tags:  day webapps xss vanilla  

• 14:00

  [webapps / 0day] - Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS

  Tags:  vanilla day firstlastnames xss  

• May 15, 2012
• 14:00

  [webapps / 0day] - Axous 1.1.1 Multiple Vulnerabilities (CSRF - Persistent XSS)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Axous 1.1.1 Multiple Vulnerabilities (CSRF - Persistent XSS)

  Tags:  day axous webapps xss vulnerabilities  

• May 14, 2012
• 14:00

  [webapps / 0day] - Topics viewer v 2.3 csrf (Add Admin) / XSS Vulnerabilites

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Topics viewer v 2.3 csrf (Add Admin) / XSS Vulnerabilites

  Tags:  viewer day Topics xss  

• May 08, 2012
• 14:00

  [webapps / 0day] - Serendipity 1.6 Backend XSS And SQLi Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Serendipity 1.6 Backend XSS And SQLi Vulnerability

  Tags:  day serendipity webapps xss vulnerability  

• May 04, 2012
• 14:00

  [webapps / 0day] - Next Gen CMS XSS Presistent Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Next Gen CMS XSS Presistent Vulnerability

  Tags:  day next webapps presistent xss vulnerability  

• May 03, 2012
• 14:00

  [webapps / 0day] - Baby Gekko CMS v1.1.5c Multiple Stored XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Baby Gekko CMS v1.1.5c Multiple Stored XSS Vulnerabilities

  Tags:  day baby gekko xss cms  

• 13:00

  Bugtraq: [waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page

   » ‎ SecurityFocus Vulnerabilities
  [waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page

  Tags:  xss reflected joomla bugtraq  

• April 30, 2012
• 14:00

  [webapps / 0day] - C4B XPhone UC Web 4.1.890S R1 XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - C4B XPhone UC Web 4.1.890S R1 XSS Vulnerability

  Tags:  xss day web s-r b-xphone uc-web vulnerability  

• 11:00

  Bugtraq: NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI

   » ‎ SecurityFocus Vulnerabilities
  NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI

  Tags:  report-management websense xss  

• April 23, 2012
• 15:00

  Bugtraq: Re: phpMyBible 0.5.1 Mutiple XSS

   » ‎ SecurityFocus Vulnerabilities
  Re: phpMyBible 0.5.1 Mutiple XSS

  Tags:  bugtraq xss mutiple  

• 11:00

  Bugtraq: XSS and Blind SQL Injection Vulnerabilities in ExponentCMS

   » ‎ SecurityFocus Vulnerabilities
  XSS and Blind SQL Injection Vulnerabilities in ExponentCMS

  Tags:  xss blind sql sql-injection vulnerabilities  

• 10:00

  Bugtraq: phpMyBible 0.5.1 Mutiple XSS

   » ‎ SecurityFocus Vulnerabilities
  phpMyBible 0.5.1 Mutiple XSS

  Tags:  bugtraq xss mutiple  

• April 22, 2012
• 14:00

  [webapps / 0day] - Oracle GlassFish Server 3.1.1 (build 12) Multiple XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Oracle GlassFish Server 3.1.1 (build 12) Multiple XSS Vulnerabilities

  Tags:  day oracle webapps glassfish xss  

• April 21, 2012
• 14:00

  [webapps / 0day] - Net-Shops - XSS Presistent Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Net-Shops - XSS Presistent Vulnerability

  Tags:  xss day net vulnerability  

• April 20, 2012
• 14:01

  Bugtraq: XSS in Kaseya version 6.2.0.0 web interface

   » ‎ SecurityFocus Vulnerabilities
  XSS in Kaseya version 6.2.0.0 web interface

  Tags:  web-interface xss version-6  

• 14:00

  [webapps / 0day] - JA-Programacao - SQL/XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - JA-Programacao - SQL/XSS Vulnerability

  Tags:  day ja-programacao sql webapps xss vulnerability  

• April 18, 2012
• 14:00

  [webapps / 0day] - Newscoop 3.5.3 XSS / RFI / SQL Injection

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Newscoop 3.5.3 XSS / RFI / SQL Injection

  Tags:  xss day newscoop sql-injection  

• 14:00

  [webapps / 0day] - DocuWiki 2012/01/25 CSRF / XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - DocuWiki 2012/01/25 CSRF / XSS

  Tags:  docuwiki day csrf xss  

• 12:02

  Bugtraq: Multiple XSS vulnerabilities in XOOPS

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS vulnerabilities in XOOPS

  Tags:  xss multiple xoops vulnerabilities  

• April 10, 2012
• 14:00

  [webapps / 0day] - Apache 2.5.9=>2.5.10(win) Xss Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Apache 2.5.9=>2.5.10(win) Xss Vulnerability

  Tags:  day xss apache webapps apache-2 vulnerability  

• 14:00

  [webapps / 0day] - Apache 2.5.9=>2.5.10(win) Xss Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Apache 2.5.9=>2.5.10(win) Xss Vulnerability

  Tags:  day xss apache webapps apache-2 vulnerability  

• 14:00

  [webapps / 0day] - Apache 2.5.9=>2.5.10(win) Xss Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Apache 2.5.9=>2.5.10(win) Xss Vulnerability

  Tags:  day xss apache webapps apache-2 vulnerability  

• April 09, 2012
• 8:00

  Bugtraq: [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin

  Tags:  uploadify xss reflected bugtraq  

• April 07, 2012
• 14:00

  [webapps / 0day] - Bonza-Cart E-Commerce - SQLi/XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Bonza-Cart E-Commerce - SQLi/XSS Vulnerability

  Tags:  day cart webapps xss vulnerability  

• 14:00

  [webapps / 0day] - Bonza-Cart E-Commerce - SQLi/XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Bonza-Cart E-Commerce - SQLi/XSS Vulnerability

  Tags:  day cart webapps xss vulnerability  

• April 05, 2012
• 7:01

  Bugtraq: Re: Arbor Networks Peakflow SP web interface XSS

   » ‎ SecurityFocus Vulnerabilities
  Re: Arbor Networks Peakflow SP web interface XSS

  Tags:  web networks peakflow web-interface arbor-networks xss  

• April 04, 2012
• 15:04

  Bugtraq: Re: Arbor Networks Peakflow SP web interface XSS

   » ‎ SecurityFocus Vulnerabilities
  Re: Arbor Networks Peakflow SP web interface XSS

  Tags:  web-interface arbor-networks xss  

• 10:00

  Bugtraq: Arbor Networks Peakflow SP web interface XSS

   » ‎ SecurityFocus Vulnerabilities
  Arbor Networks Peakflow SP web interface XSS

  Tags:  web networks peakflow web-interface arbor-networks xss  

• March 31, 2012
• 21:29

  [Video] New Ways I'm Going to Hack Your Web App

   » ‎ SecDocs
  Authors: Jesse Ou Rich Lundeen Travis Rhodes
  Tags: web application XSS
  Event: Chaos Communication Congress 28th (28C3) 2011
  Abstract: Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most the time writing code that works isn’t even the hard part, it’s keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90’s RFCs and 2010’s HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let’s never talk about that again. Ever. Take Facebook, Office 365, Wordpress, Exchange, and Live. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we’ll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks. The best description is probably via the slides linked below. We've put a lot of effort into these, and they have video clips making the slide deck pretty big (why we're linking to it and not attaching it).

  Tags:  xss video web travis-rhodes jesse-ou rich-lundeen indiana chaos-communication-congress indiana-jones-4 edge-cases  

• 21:29

  [Slides] New Ways I'm Going to Hack Your Web App

   » ‎ SecDocs
  Authors: Jesse Ou Rich Lundeen Travis Rhodes
  Tags: web application XSS
  Event: Chaos Communication Congress 28th (28C3) 2011
  Abstract: Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most the time writing code that works isn’t even the hard part, it’s keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90’s RFCs and 2010’s HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let’s never talk about that again. Ever. Take Facebook, Office 365, Wordpress, Exchange, and Live. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we’ll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks. The best description is probably via the slides linked below. We've put a lot of effort into these, and they have video clips making the slide deck pretty big (why we're linking to it and not attaching it).

  Tags:  xss code web travis-rhodes jesse-ou rich-lundeen indiana chaos-communication-congress indiana-jones-4 edge-cases  

• 21:29

  [Audio] New Ways I'm Going to Hack Your Web App

   » ‎ SecDocs
  Authors: Jesse Ou Rich Lundeen Travis Rhodes
  Tags: web application XSS
  Event: Chaos Communication Congress 28th (28C3) 2011
  Abstract: Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most the time writing code that works isn’t even the hard part, it’s keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90’s RFCs and 2010’s HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let’s never talk about that again. Ever. Take Facebook, Office 365, Wordpress, Exchange, and Live. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we’ll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks. The best description is probably via the slides linked below. We've put a lot of effort into these, and they have video clips making the slide deck pretty big (why we're linking to it and not attaching it).

  Tags:  xss code web travis-rhodes jesse-ou rich-lundeen indiana chaos-communication-congress indiana-jones-4 edge-cases  

• March 29, 2012
• 7:00

  Bugtraq: NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens

   » ‎ SecurityFocus Vulnerabilities
  NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens

  Tags:  notification ngs patch security-appliance xss web-security  

• March 28, 2012
• 14:00

  [webapps / 0day] - VitalogyWeb - XSS / SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - VitalogyWeb - XSS / SQL Injection Vulnerability

  Tags:  xss vitalogyweb day vulnerability  

• March 27, 2012
• 9:00

  Bugtraq: Matthew1471s ASP BlogX - XSS Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Matthew1471s ASP BlogX - XSS Vulnerabilities

  Tags:  blogx matthew asp xss  

• March 26, 2012
• 14:00

  [webapps / 0day] - AM4SS 1.0 => 1.2 XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - AM4SS 1.0 => 1.2 XSS Vulnerability

  Tags:  xss vulnerability day  

• March 21, 2012
• 21:03

  Drupal Wishlist Module 6.x / 7.x XSS / CSRF

   » ‎ Packet Storm Security Advisories
  The Drupal Wishlist module versions 6.x and 7.x suffer from cross site request forgery and cross site scripting vulnerabilities.

  Tags:  module drupal wishlist module-versions xss forgery  

• 21:03

  Drupal Wishlist Module 6.x / 7.x XSS / CSRF

   » ‎ Packet Storm Security Recent Files
  The Drupal Wishlist module versions 6.x and 7.x suffer from cross site request forgery and cross site scripting vulnerabilities.

  Tags:  module drupal wishlist module-versions xss forgery  

• 21:03

  Drupal Wishlist Module 6.x / 7.x XSS / CSRF

   » ‎ Packet Storm Security Misc. Files
  The Drupal Wishlist module versions 6.x and 7.x suffer from cross site request forgery and cross site scripting vulnerabilities.

  Tags:  module drupal wishlist module-versions xss forgery  

• March 18, 2012
• 13:19

  [Slides] Rootkits in your Web application

   » ‎ SecDocs
  Authors: Artur Janc
  Tags: web application XSS
  Event: Chaos Communication Congress 28th (28C3) 2011
  Abstract: XSS bugs are the most widely known and commonly occurring Web vulnerability, but their impact has often been limited to cookie theft and/or simple actions, such as setting malicious email filters, stealing some data, or self-propagation via an XSS worm. In this work, I discuss practical approaches for exploiting XSS and other client-side script injection attacks, and introduce novel techniques for maintaining and escalating access within the victim's browser. In particular, I introduce the concept of resident XSS where attacker-supplied code is running in the context of an affected user's main application window and describe its consequences. I also draw analogies between such persistent Web threats and the traditional rootkit model, including similarities in the areas of embedding malicious code, maintaining access, stealthy communication with a C&C server, and the difficulty of detecting and removing attacker-supplied code. Despite a few high profile cases of XSS worms, most XSS exploitation attempts have so far been limited to cookie-stealing and executing simple malicious actions. However, as a consequence of the same-origin policy and a combination of other browser mechanisms, a single XSS vulnerability can often lead to a long-term compromise all of a user's interactions with an affected webapp in the same browser profile, long after the original bug has been fixed. In particular, an attacker can maintain access across window/browser closures, survive cookie and cache deletions, and compromise other user accounts accessed from the same browser. Yet more troubling is the fact that Web application authors currently have no means to detect or mitigate such threats once an attack has taken place. In the talk I provide an overview of techniques to escalate an XSS into long-term account compromise, and explore the similarities between such persistent Web bugs and traditional rootkits. In particular, I: 1) Introduce the concept of resident XSS, where malicious JavaScript is executed in the context of the victim's main application window/tab. Contrary to the traditional methods of exploiting XSS via a hidden frame or malicious link which are opened in a separate, usually short-lived window, resident XSS gives an attacker full freedom to monitor and alter the user's interaction with the affected application. 2) Describe several techniques to convert various Web bugs into a resident XSS. Such techniques include backdooring client-side persistent storage mechanisms (WebSQL, localStorage, Flash LSOs), opening poisoned application windows with injected malicious scripts, exploiting persistent (self-)XSS and others. 3) Discuss the consequences of resident XSS, which usually allow the attacker to get permanent access to an affected user's account and/or obtain the user's application login credentials. On sensitive domains for which users have enabled access to additional browser or plugin features (geolocation, camera/microphone), it can enable persistent snooping on the exploited user. In a large number of cases it can also enable full compromise of the user's machine by exploiting the application-user trust relationship (e.g. by requiring the user to install attacker-supplied plugins to use the affected webapp, or by hijacking file download links within the vulnerable domain). 4) Analyze the techniques for maintaining access to a once-compromised origin. In addition to backdooring persistent storage APIs, this can be achieved by exploiting self-XSS bugs, spawning same-origin pop-unders with references to the original window, and hiding in frames created by advertising networks on popular websites. In most cases, a combination of those techniques suffices to bypass a variety of the most common "cleanup" actions taken by users, and allows an on-going compromise of the affected origin. 5) Present the difficulties faced by Web application authors when trying to clean up a compromised origin. Short of wiping/re-creating a browser profile, there are currently no fully reliable methods to restore a browser's state to a secure configuration once a malicious script has run in the context of an affected domain. I will present the above with concrete examples of vulnerable applications and a demo.

  Tags:  xss user application artur-janc chaos-communication-congress application-authors novel-techniques  

• March 16, 2012
• 15:00

  [webapps / 0day] - FlexCMS 3.2.1 for logged in users XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - FlexCMS 3.2.1 for logged in users XSS

  Tags:  xss day flexcms  

• March 15, 2012
• 12:07

  Bugtraq: WikyBlog 1.7.3RC2 XSS vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WikyBlog 1.7.3RC2 XSS vulnerability

  Tags:  xss wikyblog vulnerability bugtraq  

• March 14, 2012
• 15:00

  [webapps / 0day] - asaanCart XSS/LFI Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - asaanCart XSS/LFI Vulnerabilities

  Tags:  xss day webapps lfi  

• March 12, 2012
• 8:00

  Bugtraq: Re: Ariadne 2.7.6 Multiple XSS vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Re: Ariadne 2.7.6 Multiple XSS vulnerabilities

  Tags:  bugtraq xss multiple ariadne  

• March 11, 2012
• 15:00

  [webapps / 0day] - Clic Page XSS and SQL Injection Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Clic Page XSS and SQL Injection Vulnerability

  Tags:  clic day page xss vulnerability  

• March 07, 2012
• 12:00

  Bugtraq: Multiple XSS in Fork CMS

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in Fork CMS

  Tags:  xss multiple fork cms  

• March 01, 2012
• 20:28

  Endian UTM Firewall 2.4.x / 2.5.0 CSRF / XSS

   » ‎ Packet Storm Security Exploits
  Endian UTM Firewall versions 2.4.x and 2.5.0 suffer from cross site request forgery and cross site scripting vulnerabilities.

  Tags:  endian firewall utm xss forgery  

• 20:28

  Endian UTM Firewall 2.4.x / 2.5.0 CSRF / XSS

   » ‎ Packet Storm Security Recent Files
  Endian UTM Firewall versions 2.4.x and 2.5.0 suffer from cross site request forgery and cross site scripting vulnerabilities.

  Tags:  endian firewall utm xss forgery  

• 20:28

  Endian UTM Firewall 2.4.x / 2.5.0 CSRF / XSS

   » ‎ Packet Storm Security Misc. Files
  Endian UTM Firewall versions 2.4.x and 2.5.0 suffer from cross site request forgery and cross site scripting vulnerabilities.

  Tags:  endian firewall utm xss forgery  

• February 29, 2012
• 9:00

  Bugtraq: Multiple XSS in Dotclear

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in Dotclear

  Tags:  xss dotclear multiple  

• February 27, 2012
• 10:05

  Bugtraq: FrameJammer DOM based XSS

   » ‎ SecurityFocus Vulnerabilities
  FrameJammer DOM based XSS

  Tags:  bugtraq xss framejammer dom  

• 9:00

  Bugtraq: Kongreg8 1.7.3 Mutiple XSS

   » ‎ SecurityFocus Vulnerabilities
  Kongreg8 1.7.3 Mutiple XSS

  Tags:  xss mutiple kongreg bugtraq  

• February 24, 2012
• 15:57

  XSS Flaw Discovered In Skype's Shop, User Accounts Targeted

   » ‎ Packet Storm Security Headlines
  XSS Flaw Discovered In Skype's Shop, User Accounts Targeted

  Tags:  xss discovered flaw  

• February 22, 2012
• 9:02

  Bugtraq: Multiple XSS in Chyrp

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in Chyrp

  Tags:  xss multiple chyrp  

• February 18, 2012
• 8:36

  Ghosts Of XSS Past, Present, And Future

   » ‎ Packet Storm Security Recent Files
  These are the slides from the Ghost of XSS Past, Present, and Future presentation given at the OWASP AppSec USA 2011 conference.

  Tags:  xss ghosts future usa owasp slides  

• 8:36

  Ghosts Of XSS Past, Present, And Future

   » ‎ Packet Storm Security Misc. Files
  These are the slides from the Ghost of XSS Past, Present, and Future presentation given at the OWASP AppSec USA 2011 conference.

  Tags:  xss ghosts future usa owasp slides  

• February 17, 2012
• 9:06

  Bugtraq: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)

   » ‎ SecurityFocus Vulnerabilities
  0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)

  Tags:  year-and-four-months xss vulnerability  

• 9:05

  Bugtraq: Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)

   » ‎ SecurityFocus Vulnerabilities
  Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)

  Tags:  year-and-four-months xss vulnerability  

• February 04, 2012
• 8:09

  [Slides] New Ways I'm Going to Hack Your Web App

   » ‎ SecDocs
  Authors: Jesse Ou Rich Lundeen
  Tags: web application cookie vulnerability XSS
  Event: Black Hat Abu Dhabi 2011
  Abstract: Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most the time writing code that works isn't even the hard part, it's keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90's RFCs and 2010's HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let's never talk about that again. Ever. Take Facebook, Office 365, MSN, and Wordpress. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we'll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks.

  Tags:  xss code web jesse-ou rich-lundeen indiana abu-dhabi indiana-jones-4 edge-cases writing-secure-code  

• 8:09

  [Paper] New Ways I'm Going to Hack Your Web App

   » ‎ SecDocs
  Authors: Jesse Ou Rich Lundeen
  Tags: web application cookie vulnerability XSS
  Event: Black Hat Abu Dhabi 2011
  Abstract: Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most the time writing code that works isn't even the hard part, it's keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90's RFCs and 2010's HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let's never talk about that again. Ever. Take Facebook, Office 365, MSN, and Wordpress. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we'll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks.

  Tags:  xss code web jesse-ou rich-lundeen indiana abu-dhabi indiana-jones-4 edge-cases writing-secure-code  

• February 02, 2012
• 14:00

  [webapps / 0day] - Sphinix Mobile Web Server 3.1.2.47 Multiple Persistent XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Sphinix Mobile Web Server 3.1.2.47 Multiple Persistent XSS Vulnerabilities

  Tags:  sphinix day webapps mobile-web-server xss  

• February 01, 2012
• 17:53

  swDesk Shell Upload / Code Injection / XSS

   » ‎ Packet Storm Security Exploits
  swDesk suffers from cross site scripting, PHP code injection and shell upload vulnerabilities.

  Tags:  upload shell swdesk xss  

• 17:53

  swDesk Shell Upload / Code Injection / XSS

   » ‎ Packet Storm Security Recent Files
  swDesk suffers from cross site scripting, PHP code injection and shell upload vulnerabilities.

  Tags:  upload shell swdesk xss  

• 17:53

  swDesk Shell Upload / Code Injection / XSS

   » ‎ Packet Storm Security Misc. Files
  swDesk suffers from cross site scripting, PHP code injection and shell upload vulnerabilities.

  Tags:  upload shell swdesk xss  

• 14:00

  [webapps / 0day] - lknSupport XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - lknSupport XSS Vulnerability

  Tags:  xss day lknsupport vulnerability  

• January 30, 2012
• 11:05

  Bugtraq: Mibew messenger multiple XSS

   » ‎ SecurityFocus Vulnerabilities
  Mibew messenger multiple XSS

  Tags:  xss messenger mibew  

• January 19, 2012
• 15:30

  Microsoft Anti-XSS Library Bypass

   » ‎ Packet Storm Security Exploits
  The Microsoft Anti-XSS library versions 3.0 and 4.0 suffer from a javascript bypass vulnerability.

  Tags:  xss microsoft library library-versions vulnerability  

• 15:30

  Microsoft Anti-XSS Library Bypass

   » ‎ Packet Storm Security Recent Files
  The Microsoft Anti-XSS library versions 3.0 and 4.0 suffer from a javascript bypass vulnerability.

  Tags:  xss microsoft library library-versions vulnerability  

• 15:30

  Microsoft Anti-XSS Library Bypass

   » ‎ Packet Storm Security Misc. Files
  The Microsoft Anti-XSS library versions 3.0 and 4.0 suffer from a javascript bypass vulnerability.

  Tags:  xss microsoft library library-versions vulnerability  

• 8:00

  Bugtraq: Microsoft Anti-XSS Library Bypass (MS12-007)

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Anti-XSS Library Bypass (MS12-007)

  Tags:  xss microsoft library bugtraq  

• January 18, 2012
• 10:00

  Bugtraq: XSS in OneOrZero AIMS

   » ‎ SecurityFocus Vulnerabilities
  XSS in OneOrZero AIMS

  Tags:  xss aims oneorzero  

• January 16, 2012
• 9:00

  Bugtraq: Re: Multiple XSS in KnowledgeTree Community Edition

   » ‎ SecurityFocus Vulnerabilities
  Re: Multiple XSS in KnowledgeTree Community Edition

  Tags:  knowledgetree xss multiple  

• 8:00

  Bugtraq: ATutor 2.0.3 Multiple XSS vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  ATutor 2.0.3 Multiple XSS vulnerabilities

  Tags:  xss atutor multiple bugtraq vulnerabilities  

• January 11, 2012
• 10:01

  Bugtraq: Multiple XSS in KnowledgeTree Community Edition

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in KnowledgeTree Community Edition

  Tags:  knowledgetree xss multiple  

• January 05, 2012
• 9:00

  Bugtraq: Ggb Guestbook - XSS Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Ggb Guestbook - XSS Vulnerabilities

  Tags:  xss guestbook ggb vulnerabilities  

• January 04, 2012
• 8:00

  Bugtraq: Re: Tinyguestbook XSS

   » ‎ SecurityFocus Vulnerabilities
  Re: Tinyguestbook XSS

  Tags:  bugtraq xss tinyguestbook  

• January 03, 2012
• 13:00

  Bugtraq: Tinyguestbook XSS

   » ‎ SecurityFocus Vulnerabilities
  Tinyguestbook XSS

  Tags:  bugtraq xss tinyguestbook  

• 12:00

  Bugtraq: BigACE CMS - XSS Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  BigACE CMS - XSS Vulnerabilities

  Tags:  xss bigace cms bugtraq vulnerabilities  

• January 01, 2012
• 9:44

  Mandriva Linux Security Advisory 2011-198

   » ‎ Packet Storm Security Advisories
  Mandriva Linux Security Advisory 2011-198 - Multiple vulnerabilities has been found and corrected in phpmyadmin. Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server). Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

  Tags:  database xss table mandriva-linux table-overview xml-entity  

• 9:44

  Mandriva Linux Security Advisory 2011-198

   » ‎ Packet Storm Security Recent Files
  Mandriva Linux Security Advisory 2011-198 - Multiple vulnerabilities has been found and corrected in phpmyadmin. Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server). Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

  Tags:  database xss table mandriva-linux table-overview xml-entity  

• 9:44

  Mandriva Linux Security Advisory 2011-198

   » ‎ Packet Storm Security Misc. Files
  Mandriva Linux Security Advisory 2011-198 - Multiple vulnerabilities has been found and corrected in phpmyadmin. Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server). Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

  Tags:  database xss table mandriva-linux table-overview xml-entity  

• December 29, 2011
• 15:23

  Bugzilla XSS / XSRF / Unauthorized Account Creation

   » ‎ Packet Storm Security Advisories
  Bugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.

  Tags:  bugzilla vulnerability account creation-vulnerability account-creation xss  

• 15:23

  Bugzilla XSS / XSRF / Unauthorized Account Creation

   » ‎ Packet Storm Security Recent Files
  Bugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.

  Tags:  bugzilla vulnerability account creation-vulnerability account-creation xss  

• 15:23

  Bugzilla XSS / XSRF / Unauthorized Account Creation

   » ‎ Packet Storm Security Misc. Files
  Bugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.

  Tags:  creation-vulnerability account-creation xss  

• 14:00

  [webapps / 0day] - Winn Guestbook v2.4.8c Stored XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Winn Guestbook v2.4.8c Stored XSS Vulnerability

  Tags:  xss stored day winn-guestbook vulnerability  

• 11:00

  Bugtraq: Winn Guestbook v2.4.8c Stored XSS

   » ‎ SecurityFocus Vulnerabilities
  Winn Guestbook v2.4.8c Stored XSS

  Tags:  bugtraq xss stored winn-guestbook guestbook-v2  

• December 21, 2011
• 13:49

  Postcards From The Post-XSS World

   » ‎ Packet Storm Security Headlines
  Postcards From The Post-XSS World

  Tags:  xss postcards post  

• December 20, 2011
• 14:00

  [webapps / 0day] - Rapidleech v2 rev. 43 XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Rapidleech v2 rev. 43 XSS Vulnerability

  Tags:  rapidleech day rev webapps xss vulnerability  

• 9:02

  Bugtraq: Re: SASHA v0.2.0 Mutiple XSS

   » ‎ SecurityFocus Vulnerabilities
  Re: SASHA v0.2.0 Mutiple XSS

  Tags:  xss mutiple sasha bugtraq  

• December 16, 2011
• 10:00

  Bugtraq: Re: tag used for hijacking external resources (XSS)

   » ‎ SecurityFocus Vulnerabilities
  Re: <BASE> tag used for hijacking external resources (XSS)

  Tags:  bugtraq xss tag external-resources  

• 9:00

  Bugtraq: tag used for hijacking external resources (XSS)

   » ‎ SecurityFocus Vulnerabilities
  <BASE> tag used for hijacking external resources (XSS)

  Tags:  bugtraq xss tag external-resources  

• December 15, 2011
• 12:00

  Bugtraq: NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI

   » ‎ SecurityFocus Vulnerabilities
  NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI

  Tags:  notification ngs patch report-management xss triton  

• December 11, 2011
• 14:00

  [webapps / 0day] - FCMS_2.7.2 cms and earlier multiple stored XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - FCMS_2.7.2 cms and earlier multiple stored XSS Vulnerability

  Tags:  multiple day fcms xss vulnerability cms  

• December 01, 2011
• 12:00

  Bugtraq: Ariadne 2.7.6 Multiple XSS vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Ariadne 2.7.6 Multiple XSS vulnerabilities

  Tags:  bugtraq xss multiple ariadne  

• November 22, 2011
• 9:00

  Bugtraq: Re: XSS in Tiki Wiki CMS Groupware

   » ‎ SecurityFocus Vulnerabilities
  Re: XSS in Tiki Wiki CMS Groupware

  Tags:  xss tiki wiki tiki-wiki groupware  

• November 17, 2011
• 14:00

  Bugtraq: [DSECRG-11-037] SAP BW Doc - Multiple XSS

   » ‎ SecurityFocus Vulnerabilities
  [DSECRG-11-037] SAP BW Doc - Multiple XSS

  Tags:  multiple sap doc xss  

• 13:00

  Bugtraq: [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS

   » ‎ SecurityFocus Vulnerabilities
  [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS

  Tags:  virus sap netwaver virus-scan xss interface  

• November 01, 2011
• 14:00

  Bugtraq: XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3

   » ‎ SecurityFocus Vulnerabilities
  XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3

  Tags:  xss injection sql vulnerabilities cms  

• October 21, 2011
• 7:00

  Bugtraq: Metasploit 4.1.0 Web UI stored XSS vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Metasploit 4.1.0 Web UI stored XSS vulnerability

  Tags:  xss web metasploit bugtraq vulnerability  

• October 20, 2011
• 12:00

  Bugtraq: OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)

   » ‎ SecurityFocus Vulnerabilities
  OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)

  Tags:  inventory persistent ocs ocs-inventory xss  

• October 19, 2011
• 21:00

  [webapps / 0day] - OCS Inventory NG 2.0.1 Persistent XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - OCS Inventory NG 2.0.1 Persistent XSS

  Tags:  inventory day ocs ocs-inventory xss  

• 14:00

  [webapps / 0day] - OCS Inventory NG 2.0.1 Persistent XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - OCS Inventory NG 2.0.1 Persistent XSS

  Tags:  inventory day ocs ocs-inventory xss  

• October 18, 2011
• 13:01

  Bugtraq: Site@School 2.4.10 SQL Injection & XSS vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Site@School 2.4.10 SQL Injection & XSS vulnerabilities

  Tags:  school site sql amp xss  

• October 16, 2011
• 21:00

  [webapps / 0day] - Dominant Creature BBG/RPG Browser Game Persistent XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Dominant Creature BBG/RPG Browser Game Persistent XSS

  Tags:  dominant-creature browser-game xss  

• 14:00

  [webapps / 0day] - Dominant Creature BBG/RPG Browser Game Persistent XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Dominant Creature BBG/RPG Browser Game Persistent XSS

  Tags:  day creature dominant dominant-creature browser-game xss  

• September 23, 2011
• 11:08

  Bugtraq: XSS Vulnerabilities in TWiki < 5.1.0

   » ‎ SecurityFocus Vulnerabilities
  XSS Vulnerabilities in TWiki < 5.1.0

  Tags:  vulnerabilities xss twiki  

• September 22, 2011
• 13:33

  [Paper] Hacking Browser's DOM - Exploiting Ajax and RIA

   » ‎ SecDocs
  Authors: Shreeraj Shah
  Tags: AJAX XSS Rich Internet Applications
  Event: Black Hat USA 2010
  Abstract: Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams in the browser. These DOM calls mixed with XMLHttpRequest (XHR) object are part of client side logic written in JavaScript or part of any other client side technology be it Flash or Silverlight. DOM driven XSS is a sleeping giant in the application code and it can be exploited by an attacker to gain access to the end user’s browser/desktop. This can become a root cause of following set of interesting vulnerabilities – Cross Widget Sniffing, RSS feed reader exploitation, XHR response stealing, Mashup hacking, Malicious code injection, Spreading Worm etc. This set of vulnerability needs innovative way of scanning the application and corresponding methodology needs to be tweaked. We have seen DOM driven XSS exploited in various different popular portals to spread worm or virus. This is a significant threat on the rise and should be mitigated by validating un-trusted content poisoning Ajax or Flash routines. DOM driven XSS, Cross Domain Bypass and CSRF can cause a deadly cocktail to exploit Web 2.0 applications across Internet. This presentation will be covering following important issues and concepts.

  Tags:  xss ajax browser ria authors shah-tags dom rich-internet usa deadly-cocktail sleeping-giant  

• 13:33

  [Slides] Hacking Browser's DOM - Exploiting Ajax and RIA

   » ‎ SecDocs
  Authors: Shreeraj Shah
  Tags: AJAX XSS Rich Internet Applications
  Event: Black Hat USA 2010
  Abstract: Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams in the browser. These DOM calls mixed with XMLHttpRequest (XHR) object are part of client side logic written in JavaScript or part of any other client side technology be it Flash or Silverlight. DOM driven XSS is a sleeping giant in the application code and it can be exploited by an attacker to gain access to the end user’s browser/desktop. This can become a root cause of following set of interesting vulnerabilities – Cross Widget Sniffing, RSS feed reader exploitation, XHR response stealing, Mashup hacking, Malicious code injection, Spreading Worm etc. This set of vulnerability needs innovative way of scanning the application and corresponding methodology needs to be tweaked. We have seen DOM driven XSS exploited in various different popular portals to spread worm or virus. This is a significant threat on the rise and should be mitigated by validating un-trusted content poisoning Ajax or Flash routines. DOM driven XSS, Cross Domain Bypass and CSRF can cause a deadly cocktail to exploit Web 2.0 applications across Internet. This presentation will be covering following important issues and concepts.

  Tags:  xss ajax browser ria authors shah-tags dom rich-internet usa deadly-cocktail sleeping-giant  

• September 20, 2011
• 23:34

  Bypassing Microsoft Internet Explorer's XSS Filter

   » ‎ Packet Storm Security Recent Files
  This is a whitepaper is called Bypassing Microsoft's Internet Explorer Cross Site Scripting Filter.

  Tags:  internet bypassing microsoft xss whitepaper internet-explorer  

• 23:34

  Bypassing Microsoft Internet Explorer's XSS Filter

   » ‎ Packet Storm Security Misc. Files
  This is a whitepaper is called Bypassing Microsoft's Internet Explorer Cross Site Scripting Filter.

  Tags:  internet bypassing microsoft xss whitepaper internet-explorer  

• September 19, 2011
• 19:04

  Bypassing Internet Explorer's XSS Filter

   » ‎ SecuriTeam
  Internet Explorer 9 has a security system with well known shortfalls, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks. This paper covers three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  internet xss explorer dom attack-patterns safer-use filter-internet  

• September 13, 2011
• 8:00

  Bugtraq: XSS vulnerability in FortiMail Messaging Security Appliance

   » ‎ SecurityFocus Vulnerabilities
  XSS vulnerability in FortiMail Messaging Security Appliance

  Tags:  xss vulnerability fortimail security-appliance  

• September 08, 2011
• 9:00

  Bugtraq: Multiple XSS vulnerabilities in LightNEasy 3.2.4

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS vulnerabilities in LightNEasy 3.2.4

  Tags:  vulnerabilities xss lightneasy  

• September 07, 2011
• 11:00

  Bugtraq: XSS in Zikula

   » ‎ SecurityFocus Vulnerabilities
  XSS in Zikula

  Tags:  bugtraq xss zikula  

• September 06, 2011
• 9:00

  Bugtraq: XSS Ebuddy (responsible disclosure)

   » ‎ SecurityFocus Vulnerabilities
  XSS Ebuddy (responsible disclosure)

  Tags:  xss disclosure ebuddy  

• August 24, 2011
• 0:00

  Bugtraq: [CVE-2011-2712] Apache Wicket XSS vulnerability

   » ‎ SecurityFocus Vulnerabilities
  [CVE-2011-2712] Apache Wicket XSS vulnerability

  Tags:  xss wicket apache cve bugtraq  

• August 17, 2011
• 13:00

  Bugtraq: XSS in Fast Secure Contact Form wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  XSS in Fast Secure Contact Form wordpress plugin

  Tags:  secure xss fast  

• 13:00

  Bugtraq: Multiple XSS in WP-Stats-Dashboard

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in WP-Stats-Dashboard

  Tags:  bugtraq xss wp-stats-dashboard dashboard  

• August 15, 2011
• 12:00

  Bugtraq: [security bulletin] HPSBMU02695 SSRT100480 rev.2 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, Cross Site Scripting (XSS)

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMU02695 SSRT100480 rev.2 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, Cross Site Scripting (XSS)

  Tags:  hpsbmu security bulletin security-bulletin xss cross-site-scripting  

• August 10, 2011
• 13:00

  Bugtraq: Multiple XSS in eShop for Wordpress

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in eShop for Wordpress

  Tags:  xss multiple eshop  

• August 04, 2011
• 9:00

  Bugtraq: XSS in WP e-Commerce

   » ‎ SecurityFocus Vulnerabilities
  XSS in WP e-Commerce

  Tags:  xss  

• 9:00

  Bugtraq: Multiple XSS in HESK

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in HESK

  Tags:  hesk xss multiple  

• July 28, 2011
• 21:00

  [webapps / 0day] - ManageEngine ServiceDesk Plus 8.0 Build 8013 Multiple XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - ManageEngine ServiceDesk Plus 8.0 Build 8013 Multiple XSS Vulnerabilities

  Tags:  day manageengine webapps servicedesk xss  

• 14:00

  Bugtraq: [security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack

  Tags:  hpsbmu security bulletin security-bulletin xss session-fixation  

• 13:22

  HP Security Bulletin HPSBMU02692 SSRT100581 2

   » ‎ Packet Storm Security Advisories
  HP Security Bulletin HPSBMU02692 SSRT100581 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and session fixation attacks. Revision 2 of this advisory.

  Tags:  hpsbmu bulletin security security-vulnerabilities security-bulletin xss  

• 13:22

  HP Security Bulletin HPSBMU02692 SSRT100581 2

   » ‎ Packet Storm Security Recent Files
  HP Security Bulletin HPSBMU02692 SSRT100581 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and session fixation attacks. Revision 2 of this advisory.

  Tags:  hpsbmu bulletin security security-vulnerabilities security-bulletin xss  

• 13:22

  HP Security Bulletin HPSBMU02692 SSRT100581 2

   » ‎ Packet Storm Security Misc. Files
  HP Security Bulletin HPSBMU02692 SSRT100581 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and session fixation attacks. Revision 2 of this advisory.

  Tags:  hpsbmu bulletin security security-vulnerabilities security-bulletin xss  

• July 27, 2011
• 13:00

  Bugtraq: Multiple XSS in GBook PHP guestbook

   » ‎ SecurityFocus Vulnerabilities
  Multiple XSS in GBook PHP guestbook

  Tags:  xss php gbook php-guestbook  

• July 20, 2011
• 9:00

  Bugtraq: XSS in Tiki Wiki CMS Groupware

   » ‎ SecurityFocus Vulnerabilities
  XSS in Tiki Wiki CMS Groupware

  Tags:  xss tiki wiki tiki-wiki groupware  

• July 19, 2011
• 11:10

  [Paper] Kicking Down the Cross Domain Door (One XSS at a Time)

   » ‎ SecDocs
  Authors: Billy Rios Raghav Dube
  Tags: web application XSS
  Event: Black Hat Europe 2007
  

  Tags:  xss kicking paper billy-rios europe hat-europe time-authors raghav  

• 11:09

  [Slides] Kicking Down the Cross Domain Door (One XSS at a Time)

   » ‎ SecDocs
  Authors: Billy Rios Raghav Dube
  Tags: web application XSS
  Event: Black Hat Europe 2007
  

  Tags:  xss cross kicking billy-rios europe hat-europe time-authors raghav  

• July 07, 2011
• 21:00

  [webapps / 0day] - appRain Quick Start Edition Core Edition Multiple XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - appRain Quick Start Edition Core Edition Multiple XSS Vulnerabilities

  Tags:  apprain day edition core-edition xss  

• June 28, 2011
• 12:07

  Bugtraq: XSS in FlatPress

   » ‎ SecurityFocus Vulnerabilities
  XSS in FlatPress

  Tags:  bugtraq xss flatpress  

• June 22, 2011
• 12:00

  Bugtraq: HTB23017: XSS in FanUpdate

   » ‎ SecurityFocus Vulnerabilities
  HTB23017: XSS in FanUpdate

  Tags:  xss htb fanupdate  

• June 16, 2011
• 21:00

  [webapps / 0day] - WeBid 1.0.2 presistent XSS via SQL Injection

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WeBid 1.0.2 presistent XSS via SQL Injection

  Tags:  day webid presistent xss  

• June 15, 2011
• 9:00

  Bugtraq: HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS

   » ‎ SecurityFocus Vulnerabilities
  HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS

  Tags:  xss multiple htb inclusion cms amp  

• 9:00

  Bugtraq: HTB23005: Multiple XSS in N-13 News

   » ‎ SecurityFocus Vulnerabilities
  HTB23005: Multiple XSS in N-13 News

  Tags:  xss news htb  

• June 13, 2011
• 11:00

  Bugtraq: Re: HTB22943: XSS in Dalbum

   » ‎ SecurityFocus Vulnerabilities
  Re: HTB22943: XSS in Dalbum

  Tags:  dalbum xss htb  

• June 01, 2011
• 9:00

  Bugtraq: HTB22997: XSS in A Really Simple Chat (ARSC)

   » ‎ SecurityFocus Vulnerabilities
  HTB22997: XSS in A Really Simple Chat (ARSC)

  Tags:  xss htb simple simple-chat  

• May 31, 2011
• 8:01

  Bugtraq: [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities

  Tags:  archiva multiple apache xss cve bugtraq  

• May 26, 2011
• 10:00

  Bugtraq: [CVE-REQUEST] Plone XSS and permission errors

   » ‎ SecurityFocus Vulnerabilities
  [CVE-REQUEST] Plone XSS and permission errors

  Tags:  xss plone cve-request  

• May 24, 2011
• 9:00

  Bugtraq: PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager)

   » ‎ SecurityFocus Vulnerabilities
  PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager)

  Tags:  xss multiple injection insight-manager hp-system management-homepage  

• May 18, 2011
• 9:05

  Bugtraq: XSS vulnerability in TWiki < 5.0.2

   » ‎ SecurityFocus Vulnerabilities
  XSS vulnerability in TWiki < 5.0.2

  Tags:  xss vulnerability twiki  

• May 17, 2011
• 9:00

  Bugtraq: HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic

   » ‎ SecurityFocus Vulnerabilities
  HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic

  Tags:  xss cross htb vulnerabilities  

• May 16, 2011
• 12:00

  Bugtraq: PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing)

   » ‎ SecurityFocus Vulnerabilities
  PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing)

  Tags:  xss multiple mitel pr10 awc web-conferencing  

• May 12, 2011
• 14:00

  Bugtraq: HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social

   » ‎ SecurityFocus Vulnerabilities
  HTB22979: Multiple XSS (Cross Site Scripting) vulnerabilities in Argyle Social

  Tags:  xss multiple htb vulnerabilities  

• May 10, 2011
• 9:00

  Bugtraq: HTB22974: Multiple XSS in Calendarix

   » ‎ SecurityFocus Vulnerabilities
  HTB22974: Multiple XSS in Calendarix

  Tags:  xss multiple htb  

• 9:00

  Bugtraq: HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo

   » ‎ SecurityFocus Vulnerabilities
  HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo

  Tags:  xss multiple htb vulnerabilities  

• May 09, 2011
• 14:00

  Bugtraq: PR10-17 Various XSS and information disclosure flaws within KeyFax response management system

   » ‎ SecurityFocus Vulnerabilities
  PR10-17 Various XSS and information disclosure flaws within KeyFax response management system

  Tags:  xss disclosure information response-management-system information-disclosure pr10  

• May 05, 2011
• 12:00

  Bugtraq: PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management

   » ‎ SecurityFocus Vulnerabilities
  PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management

  Tags:  xss authentication multiple pr10 bmc  

• 10:00

  Bugtraq: HTB22968: XSS in PHP Directory Listing Script

   » ‎ SecurityFocus Vulnerabilities
  HTB22968: XSS in PHP Directory Listing Script

  Tags:  xss htb php directory-listing  

• 8:17

  HP Security Bulletin HPSBMA02667 SSRT100464 3

   » ‎ Packet Storm Security Advisories
  HP Security Bulletin HPSBMA02667 SSRT100464 3 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 3 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 8:17

  HP Security Bulletin HPSBMA02667 SSRT100464 3

   » ‎ Packet Storm Security Recent Files
  HP Security Bulletin HPSBMA02667 SSRT100464 3 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 3 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 8:17

  HP Security Bulletin HPSBMA02667 SSRT100464 3

   » ‎ Packet Storm Security Misc. Files
  HP Security Bulletin HPSBMA02667 SSRT100464 3 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 3 of this advisory.

  Tags:  security-vulnerabilities security-bulletin xss  

• May 04, 2011
• 12:00

  Bugtraq: [security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection

  Tags:  hpsbma security bulletin security-bulletin xss bugtraq  

• May 03, 2011
• 12:00

  Bugtraq: HTB22964: XSS in SelectaPix Image Gallery

   » ‎ SecurityFocus Vulnerabilities
  HTB22964: XSS in SelectaPix Image Gallery

  Tags:  xss htb selectapix image-gallery  

• 12:00

  Bugtraq: HTB22962: Multiple XSS in YaPiG

   » ‎ SecurityFocus Vulnerabilities
  HTB22962: Multiple XSS in YaPiG

  Tags:  xss multiple htb  

• April 28, 2011
• 9:00

  Bugtraq: HTB22960: XSS in Daily Maui Photo Widget wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22960: XSS in Daily Maui Photo Widget wordpress plugin

  Tags:  xss htb daily widget maui  

• 9:00

  Bugtraq: HTB22958: XSS in phpGraphy

   » ‎ SecurityFocus Vulnerabilities
  HTB22958: XSS in phpGraphy

  Tags:  xss htb phpgraphy  

• April 27, 2011
• 18:01

  Movistar Chile XSRF / XSS / SQL Injection

   » ‎ Packet Storm Security Exploits
  Movistar Chile suffers from cross site request forgery, cross site scripting and remote SQL injection vulnerabilities.

  Tags:  injection sql movistar chile sql-injection cross-site-scripting xss  

• 18:01

  Movistar Chile XSRF / XSS / SQL Injection

   » ‎ Packet Storm Security Recent Files
  Movistar Chile suffers from cross site request forgery, cross site scripting and remote SQL injection vulnerabilities.

  Tags:  injection sql movistar chile sql-injection cross-site-scripting xss  

• 18:01

  Movistar Chile XSRF / XSS / SQL Injection

   » ‎ Packet Storm Security Misc. Files
  Movistar Chile suffers from cross site request forgery, cross site scripting and remote SQL injection vulnerabilities.

  Tags:  injection sql movistar chile sql-injection cross-site-scripting xss  

• 12:21

  HP Security Bulletin HPSBMA02667 SSRT100464 2

   » ‎ Packet Storm Security Advisories
  HP Security Bulletin HPSBMA02667 SSRT100464 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 2 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 12:21

  HP Security Bulletin HPSBMA02667 SSRT100464 2

   » ‎ Packet Storm Security Recent Files
  HP Security Bulletin HPSBMA02667 SSRT100464 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 2 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 12:21

  HP Security Bulletin HPSBMA02667 SSRT100464 2

   » ‎ Packet Storm Security Misc. Files
  HP Security Bulletin HPSBMA02667 SSRT100464 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 2 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 9:00

  Bugtraq: [security bulletin] HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection

  Tags:  hpsbma security bulletin security-bulletin xss bugtraq  

• 9:00

  Bugtraq: Re: Stored XSS vulnerability in diafan.CMS

   » ‎ SecurityFocus Vulnerabilities
  Re: Stored XSS vulnerability in diafan.CMS

  Tags:  xss stored vulnerability cms  

• April 25, 2011
• 10:02

  HP Security Bulletin HPSBMA02667 SSRT100464

   » ‎ Packet Storm Security Advisories
  HP Security Bulletin HPSBMA02667 SSRT100464 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 1 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 10:02

  HP Security Bulletin HPSBMA02667 SSRT100464

   » ‎ Packet Storm Security Recent Files
  HP Security Bulletin HPSBMA02667 SSRT100464 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 1 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 10:02

  HP Security Bulletin HPSBMA02667 SSRT100464

   » ‎ Packet Storm Security Misc. Files
  HP Security Bulletin HPSBMA02667 SSRT100464 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 1 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 9:00

  Bugtraq: XSS in Webmin 1.540 + exploit for privilege escalation

   » ‎ SecurityFocus Vulnerabilities
  XSS in Webmin 1.540 + exploit for privilege escalation

  Tags:  xss privilege webmin escalation  

• April 20, 2011
• 14:00

  [webapps / 0day] - docuFORM Mercury WebApp 6.16a/5.20 Multiple XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - docuFORM Mercury WebApp 6.16a/5.20 Multiple XSS Vulnerabilities

  Tags:  day docuform webapps xss mercury  

• April 19, 2011
• 12:00

  Bugtraq: HTB22938: Multiple XSS in Universal Post Manager wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22938: Multiple XSS in Universal Post Manager wordpress plugin

  Tags:  xss multiple htb  

• 11:00

  Bugtraq: HTB22940: XSS in SocialGrid wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22940: XSS in SocialGrid wordpress plugin

  Tags:  socialgrid xss htb wordpress-plugin  

• 10:00

  Bugtraq: HTB22932: Multiple XSS in webSPELL

   » ‎ SecurityFocus Vulnerabilities
  HTB22932: Multiple XSS in webSPELL

  Tags:  xss htb webspell  

• 10:00

  Bugtraq: HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin

  Tags:  xss multiple htb wordpress-plugin  

• April 15, 2011
• 11:00

  Bugtraq: RE: THOMSON Router XSS

   » ‎ SecurityFocus Vulnerabilities
  RE: THOMSON Router XSS

  Tags:  xss router thomson bugtraq  

• April 14, 2011
• 10:00

  Bugtraq: HTB22922: XSS vulnerabilities in phpAlbum.net

   » ‎ SecurityFocus Vulnerabilities
  HTB22922: XSS vulnerabilities in phpAlbum.net

  Tags:  xss htb phpalbum vulnerabilities  

• April 12, 2011
• 9:00

  Bugtraq: HTB22930: Multiple XSS in WebCalendar

   » ‎ SecurityFocus Vulnerabilities
  HTB22930: Multiple XSS in WebCalendar

  Tags:  xss multiple htb  

• April 11, 2011
• 14:11

  [Paper] XSS Street-Fight: The Only Rule Is There Are No Rules

   » ‎ SecDocs
  Authors: Ryan C. Barnett
  Tags: XSS
  Event: Black Hat DC 2011
  Abstract: Defending web applications from Cross-Site Scripting (XSS) attacks is extremely challenging, especially when the application's code can not be updated to fix the issue. This presentation will provide a walk-through of various XSS attack/defense/evasion lessons learned by Trustwave's SpiderLabs Research Team while working with commercial WAF customers, as well as, by receiving thousands of attacks against our public ModSecurity demonstration page. We will highlight cutting-edge XSS protection methods that are external to the web application's code such as Defensive Javascript Content Injection.

  Tags:  xss web application ryan-c.-barnett demonstration-page javascript-content  

• 14:10

  [Slides] XSS Street-Fight: The Only Rule Is There Are No Rules

   » ‎ SecDocs
  Authors: Ryan C. Barnett
  Tags: XSS
  Event: Black Hat DC 2011
  Abstract: Defending web applications from Cross-Site Scripting (XSS) attacks is extremely challenging, especially when the application's code can not be updated to fix the issue. This presentation will provide a walk-through of various XSS attack/defense/evasion lessons learned by Trustwave's SpiderLabs Research Team while working with commercial WAF customers, as well as, by receiving thousands of attacks against our public ModSecurity demonstration page. We will highlight cutting-edge XSS protection methods that are external to the web application's code such as Defensive Javascript Content Injection.

  Tags:  xss web application ryan-c.-barnett demonstration-page javascript-content black-hat  

• April 07, 2011
• 9:00

  Bugtraq: HTB22917: XSS vulnerabilities in phpCollab

   » ‎ SecurityFocus Vulnerabilities
  HTB22917: XSS vulnerabilities in phpCollab

  Tags:  xss htb phpcollab vulnerabilities  

• 8:00

  Bugtraq: HTB22919: Multiple XSS in Viscacha

   » ‎ SecurityFocus Vulnerabilities
  HTB22919: Multiple XSS in Viscacha

  Tags:  viscacha xss htb  

• April 06, 2011
• 9:07

  Bugtraq: Re: XSS in CompactCMS

   » ‎ SecurityFocus Vulnerabilities
  Re: XSS in CompactCMS

  Tags:  bugtraq compactcms xss  

• 9:00

  Bugtraq: XSS Vulnerability in Redmine 1.0.1 to 1.1.1

   » ‎ SecurityFocus Vulnerabilities
  XSS Vulnerability in Redmine 1.0.1 to 1.1.1

  Tags:  xss vulnerability redmine  

• April 05, 2011
• 10:00

  Bugtraq: HTB22911: XSS in Eleanor CMS

   » ‎ SecurityFocus Vulnerabilities
  HTB22911: XSS in Eleanor CMS

  Tags:  bugtraq xss htb eleanor-cms eleanor cms  

• April 04, 2011
• 14:00

  [webapps / 0day] - Yaws-Wiki 1.88-1 (Erlang) Stored and Reflective XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Yaws-Wiki 1.88-1 (Erlang) Stored and Reflective XSS Vulnerabilities

  Tags:  day wiki yaws xss  

• 9:00

  Bugtraq: Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang)

   » ‎ SecurityFocus Vulnerabilities
  Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang)

  Tags:  xss reflective stored yaws  

• April 01, 2011
• 13:56

  HP Security Bulletin HPSBMA02650 SSRT100429

   » ‎ Packet Storm Security Advisories
  HP Security Bulletin HPSBMA02650 SSRT100429 - Potential security vulnerabilities have been identified in HP Operations for UNIX. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or unauthorized access. Revision 1 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 13:56

  HP Security Bulletin HPSBMA02650 SSRT100429

   » ‎ Packet Storm Security Recent Files
  HP Security Bulletin HPSBMA02650 SSRT100429 - Potential security vulnerabilities have been identified in HP Operations for UNIX. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or unauthorized access. Revision 1 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• 13:56

  HP Security Bulletin HPSBMA02650 SSRT100429

   » ‎ Packet Storm Security Misc. Files
  HP Security Bulletin HPSBMA02650 SSRT100429 - Potential security vulnerabilities have been identified in HP Operations for UNIX. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or unauthorized access. Revision 1 of this advisory.

  Tags:  hpsbma bulletin security security-vulnerabilities security-bulletin xss  

• March 31, 2011
• 9:03

  Bugtraq: HTB22906: XSS vulnerabilities in Collabtive

   » ‎ SecurityFocus Vulnerabilities
  HTB22906: XSS vulnerabilities in Collabtive

  Tags:  xss htb collabtive vulnerabilities  

• March 28, 2011
• 7:00

  Bugtraq: [security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS)

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS)

  Tags:  hpsbma security bulletin security-bulletin xss bugtraq  

• March 27, 2011
• 14:00

  [webapps / 0day] - SimplisCMS 1.0.3.0 XSS / SQL Injection Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - SimplisCMS 1.0.3.0 XSS / SQL Injection Vulnerabilities

  Tags:  xss day simpliscms  

• March 24, 2011
• 9:00

  Bugtraq: HTB22895: XSS vulnerability in Ripe website manager

   » ‎ SecurityFocus Vulnerabilities
  HTB22895: XSS vulnerability in Ripe website manager

  Tags:  xss htb vulnerability website-manager  

• 9:00

  Bugtraq: HTB22902: XSS in SyndeoCMS

   » ‎ SecurityFocus Vulnerabilities
  HTB22902: XSS in SyndeoCMS

  Tags:  xss htb syndeocms  

• 8:00

  Bugtraq: HTB22900: Multiple XSS vulnerabilities in SyndeoCMS

   » ‎ SecurityFocus Vulnerabilities
  HTB22900: Multiple XSS vulnerabilities in SyndeoCMS

  Tags:  xss multiple htb vulnerabilities  

• March 23, 2011
• 15:00

  [webapps / 0day] - Spacenuke v3.2.5 => Persistent XSS Exploiable Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Spacenuke v3.2.5 => Persistent XSS Exploiable Vulnerability

  Tags:  spacenuke persistent day xss vulnerability  

• 8:00

  Bugtraq: XSS in Oracle default fcgi-bin/echo

   » ‎ SecurityFocus Vulnerabilities
  XSS in Oracle default fcgi-bin/echo

  Tags:  xss oracle default  

• March 21, 2011
• 17:17

  Exploitation Of Self-Only XSS In Google Code

   » ‎ Packet Storm Security Recent Files
  Whitepaper called Exploitation of "Self-Only" Cross Site Scripting in Google Code. The author discusses how leveraging the use of clickjacking has enabled them to properly exploit a priorly non-exploitable cross site scripting issue in Google Code.

  Tags:  code google exploitation cross-site-scripting xss  

• 17:17

  Exploitation Of Self-Only XSS In Google Code

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called Exploitation of "Self-Only" Cross Site Scripting in Google Code. The author discusses how leveraging the use of clickjacking has enabled them to properly exploit a priorly non-exploitable cross site scripting issue in Google Code.

  Tags:  code google exploitation cross-site-scripting xss  

• 9:00

  Bugtraq: XSS vulnerability in Web Poll Pro

   » ‎ SecurityFocus Vulnerabilities
  XSS vulnerability in Web Poll Pro

  Tags:  xss vulnerability web web-poll  

• March 17, 2011
• 8:00

  Bugtraq: HTB22891: XSS in Rating-Widget wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22891: XSS in Rating-Widget wordpress plugin

  Tags:  xss htb widget  

• 8:00

  Bugtraq: HTB22890: XSS in Rating-Widget wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22890: XSS in Rating-Widget wordpress plugin

  Tags:  xss htb widget  

• 8:00

  Bugtraq: HTB22889: XSS in Rating-Widget wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22889: XSS in Rating-Widget wordpress plugin

  Tags:  xss htb widget  

• March 16, 2011
• 15:00

  [webapps / 0day] - WikiWig 5.01 Multiple XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WikiWig 5.01 Multiple XSS Vulnerabilities

  Tags:  wikiwig day webapps xss  

• 8:02

  Bugtraq: [DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS

   » ‎ SecurityFocus Vulnerabilities
  [DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS

  Tags:  xss multiple sap crystal-reports  

• 8:02

  Bugtraq: [DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS

   » ‎ SecurityFocus Vulnerabilities
  [DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS

  Tags:  sap netweaver integration xss  

• 8:02

  Bugtraq: [DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS

   » ‎ SecurityFocus Vulnerabilities
  [DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS

  Tags:  xss sap-netweaver  

• March 15, 2011
• 8:02

  Bugtraq: HTB22884: XSS vulnerability in LotusCMS

   » ‎ SecurityFocus Vulnerabilities
  HTB22884: XSS vulnerability in LotusCMS

  Tags:  xss htb vulnerability  

• 8:01

  Bugtraq: HTB22885: XSS vulnerability in LotusCMS

   » ‎ SecurityFocus Vulnerabilities
  HTB22885: XSS vulnerability in LotusCMS

  Tags:  xss htb vulnerability  

• 8:00

  Bugtraq: HTB22887: XSS vulnerability in LotusCMS

   » ‎ SecurityFocus Vulnerabilities
  HTB22887: XSS vulnerability in LotusCMS

  Tags:  xss htb vulnerability  

• March 14, 2011
• 15:00

  [webapps / 0day] - SmarterMail 8.0 Multiple XSS Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - SmarterMail 8.0 Multiple XSS Vulnerabilities

  Tags:  day smartermail webapps xss  

• March 10, 2011
• 12:00

  Bugtraq: Re: HTB22875: XSS in Lazyest Gallery wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  Re: HTB22875: XSS in Lazyest Gallery wordpress plugin

  Tags:  xss htb lazyest  

• 12:00

  Bugtraq: [security bulletin] HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)

  Tags:  cross security site hp-power security-bulletin xss  

• 7:00

  Bugtraq: HTB22880: XSS vulnerability in CosmoShop

   » ‎ SecurityFocus Vulnerabilities
  HTB22880: XSS vulnerability in CosmoShop

  Tags:  xss htb vulnerability  

• 7:00

  Bugtraq: HTB22878: XSS vulnerability in CosmoShop

   » ‎ SecurityFocus Vulnerabilities
  HTB22878: XSS vulnerability in CosmoShop

  Tags:  xss htb vulnerability  

• 7:00

  Bugtraq: HTB22875: XSS in Lazyest Gallery wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22875: XSS in Lazyest Gallery wordpress plugin

  Tags:  xss htb lazyest  

• March 08, 2011
• 8:01

  Bugtraq: HTB22873: XSS in Inline Gallery wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22873: XSS in Inline Gallery wordpress plugin

  Tags:  xss htb inline  

• March 06, 2011
• 22:00

  Bugtraq: XSS in CubeCart

   » ‎ SecurityFocus Vulnerabilities
  XSS in CubeCart <= 2.0.7

  Tags:  bugtraq xss cubecart  

• March 04, 2011
• 8:25

  LMS Web Ensino XSRF / XSS / SQL Injection / Session Fixation

   » ‎ Packet Storm Security Exploits
  LMS Web Ensino suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.

  Tags:  xss cross-site-scripting session-fixation  

• 8:25

  LMS Web Ensino XSRF / XSS / SQL Injection / Session Fixation

   » ‎ Packet Storm Security Recent Files
  LMS Web Ensino suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.

  Tags:  ensino web lms xss cross-site-scripting session-fixation  

• 8:25

  LMS Web Ensino XSRF / XSS / SQL Injection / Session Fixation

   » ‎ Packet Storm Security Misc. Files
  LMS Web Ensino suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.

  Tags:  ensino web lms xss cross-site-scripting session-fixation  

• March 03, 2011
• 14:00

  Bugtraq: HTB22865: XSS vulnerability in xtcModified

   » ‎ SecurityFocus Vulnerabilities
  HTB22865: XSS vulnerability in xtcModified

  Tags:  xss htb vulnerability  

• 13:00

  Bugtraq: HTB22863: XSS vulnerability in xtcModified

   » ‎ SecurityFocus Vulnerabilities
  HTB22863: XSS vulnerability in xtcModified

  Tags:  xss htb vulnerability  

• 13:00

  Bugtraq: HTB22866: XSS vulnerability in xtcModified

   » ‎ SecurityFocus Vulnerabilities
  HTB22866: XSS vulnerability in xtcModified

  Tags:  xss htb vulnerability  

• March 01, 2011
• 10:00

  Bugtraq: HTB22848: XSS in Mingle Forum wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22848: XSS in Mingle Forum wordpress plugin

  Tags:  xss htb mingle  

• February 24, 2011
• 8:01

  Bugtraq: HTB22847: XSS in IWantOneButton wordpress plugin

   » ‎ SecurityFocus Vulnerabilities
  HTB22847: XSS in IWantOneButton wordpress plugin

  Tags:  xss htb iwantonebutton wordpress-plugin  

• February 23, 2011
• 14:00

  [webapps / 0day] - ClanSphere 2010.3 Xss Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - ClanSphere 2010.3 Xss Vulnerability

  Tags:  day xss clansphere vulnerability  

• February 21, 2011
• 14:00

  [webapps / 0day] - VFront 0.95m (need login) Persistant XSS Vunerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - VFront 0.95m (need login) Persistant XSS Vunerability

  Tags:  day login vfront xss  

• 14:00

  [webapps / 0day] - dotproject 2.1.5 Xss / Sql Injection Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - dotproject 2.1.5 Xss / Sql Injection Vulnerabilities

  Tags:  day xss dotproject  

• February 15, 2011
• 10:00

  Bugtraq: HTB22830: Multiple XSS vulnerabilities in Gollos

   » ‎ SecurityFocus Vulnerabilities
  HTB22830: Multiple XSS vulnerabilities in Gollos

  Tags:  vulnerabilities xss htb  

• 10:00

  Bugtraq: HTB22826: Multiple XSS vulnerabilities in Wikipad

   » ‎ SecurityFocus Vulnerabilities
  HTB22826: Multiple XSS vulnerabilities in Wikipad

  Tags:  vulnerabilities xss htb  

• February 09, 2011
• 14:00

  [webapps / 0day] - SourceBans 1.4.7 XSS Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - SourceBans 1.4.7 XSS Vulnerability

  Tags:  xss sourcebans day vulnerability  

• 13:00

  Bugtraq: SourceBans Version 1.4.7 XSS

   » ‎ SecurityFocus Vulnerabilities
  SourceBans Version 1.4.7 XSS

  Tags:  bugtraq xss sourcebans  

• February 08, 2011
• 9:00

  Bugtraq: HTB22815: XSS vulnerability in ViArt Shop

   » ‎ SecurityFocus Vulnerabilities
  HTB22815: XSS vulnerability in ViArt Shop

  Tags:  xss htb vulnerability  

• 9:00

  Bugtraq: HTB22816: XSS vulnerability in ViArt Shop

   » ‎ SecurityFocus Vulnerabilities
  HTB22816: XSS vulnerability in ViArt Shop

  Tags:  xss htb vulnerability  

• February 07, 2011
• 14:00

  [webapps / 0day] - JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection

  Tags:  xss jakcms day rc5 http-header  

• 9:00

  Bugtraq: Re: TinyWebGallery: XSS + Directory Traversal

   » ‎ SecurityFocus Vulnerabilities
  Re: TinyWebGallery: XSS + Directory Traversal

  Tags:  directory xss tinywebgallery  

• February 03, 2011
• 8:00

  Bugtraq: HTB22802: XSS in Podcast Generator

   » ‎ SecurityFocus Vulnerabilities
  HTB22802: XSS in Podcast Generator

  Tags:  xss htb podcast  

• February 01, 2011
• 10:00

  Bugtraq: TinyWebGallery: XSS + Directory Traversal

   » ‎ SecurityFocus Vulnerabilities
  TinyWebGallery: XSS + Directory Traversal

  Tags:  directory xss tinywebgallery directory-traversal  

• January 30, 2011
• 14:00

  [webapps / 0day] - vBSEO 3.5.2 & 3.2.2 - Persistent XSS via LinkBacks

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - vBSEO 3.5.2 & 3.2.2 - Persistent XSS via LinkBacks

  Tags:  vbseo day webapps xss  

• January 29, 2011
• 14:00

  [local exploits] - Microsoft Internet Explorer MHTML Protocol Handler XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Microsoft Internet Explorer MHTML Protocol Handler XSS

  Tags:  internet microsoft explorer protocol-handler internet-explorer xss  

• 1:58

  Microsoft Warns Of XSS Oh Day.. Hide Your Children!

   » ‎ Packet Storm Security Headlines
  Microsoft Warns Of XSS Oh Day.. Hide Your Children!

  Tags:  xss microsoft warns hide-your  

• January 24, 2011
• 22:35

  XSS Street-Fight: The Only Rule Is There Are No Rules

   » ‎ Packet Storm Security Recent Files
  Whitepaper called XSS Street-Fight: The Only Rule Is There Are No Rules.

  Tags:  xss rule whitepaper street-fight  

• 22:35

  XSS Street-Fight: The Only Rule Is There Are No Rules

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called XSS Street-Fight: The Only Rule Is There Are No Rules.

  Tags:  xss rule whitepaper street-fight  

• January 15, 2011
• 14:00

  [webapps / 0day] - glFusion CMS 1.2.1 Stored XSS via img Tag

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - glFusion CMS 1.2.1 Stored XSS via img Tag

  Tags:  day glfusion cms xss  

• January 12, 2011
• 14:00

  [webapps / 0day] - LifeType 1.2.10 HTTP Referer stored XSS

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - LifeType 1.2.10 HTTP Referer stored XSS

  Tags:  day http lifetype xss  

• January 11, 2011
• 9:00

  Bugtraq: XSS vulnerability in diafan.CMS

   » ‎ SecurityFocus Vulnerabilities
  XSS vulnerability in diafan.CMS

  Tags:  xss vulnerability diafan cms