Ahmet GÜREL

2 exploits, active since Apr 2018
CVE-2018-9163 EXPLOITDB MEDIUM text WORKING POC
ManageEngine Recovery Manager Plus < 5.3 - Stored XSS via technicianAction.do loginName
A stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
CVSS 5.4
CVE-2018-11538 EXPLOITDB HIGH text WORKING POC
SearchBlox - Cross-Site Request Forgery
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
CVSS 8.8