404team

9 exploits, active since Sep 2017
CVE-2017-14345 WRITEUP CRITICAL
tianchoy/blog <2017-09-12 - SQL Injection
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
CVSS 9.8
CVE-2018-5215 WRITEUP MEDIUM
Fork CMS 5.0.7 - XSS
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
CVSS 5.4
CVE-2018-5216 WRITEUP MEDIUM
Radiant CMS 1.1.4 - XSS
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.
CVSS 5.4
CVE-2018-6313 WRITEUP MEDIUM
WBCE CMS - XSS
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.
CVSS 4.8
CVE-2018-6561 WRITEUP MEDIUM
Dojo < 1.13.1 - XSS
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
CVSS 6.1
CVE-2018-7547 WRITEUP MEDIUM
Lingyun Lyadmin < 1.2.0 - XSS
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.
CVSS 4.8
CVE-2018-8069 WRITEUP MEDIUM
QCMS 3.0 - XSS
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.
CVSS 5.4
CVE-2018-8070 WRITEUP MEDIUM
QCMS 3.0 - XSS
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.
CVSS 5.4
CVE-2018-9993 WRITEUP MEDIUM
YUNUCMS - XSS
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page).
CVSS 4.8