404team

9 exploits, active since Sep 2017
CVE-2017-14345 CRITICAL WRITEUP
tianchoy/blog <2017-09-12 - SQL Injection
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
CVSS 9.8
CVE-2018-5215 MEDIUM WRITEUP
Fork CMS 5.0.7 - Stored Cross-Site Scripting via Title Parameter
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
CVSS 5.4
CVE-2018-5216 MEDIUM WRITEUP
Radiant CMS 1.1.4 - Stored Cross-Site Scripting via Markdown Input in Page Editor
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.
CVSS 5.4
CVE-2018-6313 MEDIUM WRITEUP
WBCE CMS 1.3.1 - Authenticated Stored Cross-Site Scripting via Modify Page Screen
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.
CVSS 4.8
CVE-2018-6561 MEDIUM WRITEUP
Dojo Toolkit 1.13 - Cross-Site Scripting via SVG onload Attribute in dijit.Editor
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
CVSS 6.1
CVE-2018-7547 MEDIUM WRITEUP
lyadmin 1.0.0-1.1.x - Stored Cross-Site Scripting via WEB_SITE_TITLE Parameter
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.
CVSS 4.8
CVE-2018-8069 MEDIUM WRITEUP
QCMS 3.0 - Cross-Site Scripting via Webname Parameter
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.
CVSS 5.4
CVE-2018-8070 MEDIUM WRITEUP
QCMS 3.0 - Cross-Site Scripting via Title Parameter
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.
CVSS 5.4
CVE-2018-9993 MEDIUM WRITEUP
YUNUCMS 1.0.7 - Stored Cross-Site Scripting via News Center Content Title
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page).
CVSS 4.8