Alejandro Amorín

3 exploits Active since Sep 2023
CVE-2023-41601 WRITEUP MEDIUM WRITEUP
CSZ CMS 1.3.0 - Stored Cross-Site Scripting via Database Username or Host Parameters
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.
CVSS 6.1
CVE-2023-43828 WRITEUP MEDIUM WRITEUP
Subrion 4.2.1 - Stored Cross-Site Scripting via Title Parameter
A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.
CVSS 5.4
CVE-2023-43830 WRITEUP MEDIUM WRITEUP
Subrion 4.2.1 - Stored Cross-Site Scripting in Financial Configuration Fields
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
CVSS 5.4