Tag: xss

XSSRush: An automatic XSS scanner

XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot: Link:

November 24, 2022
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 – Reflected XSS

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue Proof of Concept: Reference:

November 21, 2022
Elementor < 3.4.8 – DOM Cross-Site-Scripting

The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. The issue was initially fixed in 3.1.4, however re-introduced in 3.2.0. The base64 string is an encoded JSON with the following structure: This vulnerability has been fixed in the version 3.1.4.…

November 21, 2022