HTML Injection – TP-Link TL-WR740N/TL-WR740ND
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject…
Form Action Hijacking/HTML Injection – ifood
In this write-up I demonstrate the exploitation of two vulnerabilities that I identified in one of ifood's web applications, a…
Cross-site Scripting – Iframe Plugin WordPress
The iframe plugin before 4.5 does not sanitize a URL. CVE: CVE-2020-9460 | CVSS: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Active Installations: 100,000 | Version: v4.5 | Researcher: Guilherme Rubert | Payload:…
Stored Cross-site Scripting – Oempro API
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable…