prafagr
prafagr
/ gist:bd641fcfe71661065e659672c737173b
Last active
June 5, 2018 14:21
Twonky Server 8.5 has XSS via a folder name on the Shared Folders screen
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Steps for reproduction: | |
| > 1. Navigate to Setting and then move to Shared folders section. | |
| > 2. Add a new folder with a name: "><img src=/ onerror=alert("XSS")> | |
| > 3. Confirm the changes. | |
| > 4. XSS is executed. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vulnerability Type] | |
| > Cross Site Scripting (XSS) |
prafagr
/ gist:98e625d2da82c5b9a7d75e6c3e947a63
Created
April 11, 2018 01:40
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > [Vulnerability Type] | |
| > Cross Site Scripting (XSS) | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vendor of Product] | |
| > Frog CMS team | |
| > | |
| > ------------------------------------------ | |
| > |