Author Archives: Bill Murphy
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2020-16255
ownCloud (Core) before 10.5 allows XSS in the login page "forgot password" feature.
CVE-2019-16961
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
CVE-2020-16046
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2020-16045
Use after free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.