Alexander Semenenko

6 exploits, active since Oct 2020
CVE-2021-30146 NOMISEC MEDIUM WRITEUP
Seafile 7.0.5 - Stored Cross-Site Scripting via Library Share Functionality
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."
2 stars
CVSS 5.4
CVE-2021-29267 NOMISEC MEDIUM WRITEUP
Sherlock SherlockIM < 2021-03-29 - Cross-Site Scripting via Chatbot Attachment URI
Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.
1 star
CVSS 6.1
CVE-2021-26903 NOMISEC MEDIUM WRITEUP
LMA ISIDA Retriever 5.2 - Cross-Site Scripting via query['text']
LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text'].
CVSS 6.1
CVE-2021-26904 NOMISEC CRITICAL WRITEUP
ISIDA Retriever 5.2 - SQL Injection
LMA ISIDA Retriever 5.2 allows SQL Injection.
CVSS 9.8
CVE-2020-16270 NOMISEC MEDIUM WRITEUP
OLIMPOKS < 3.3.39 - Authenticated Cross-Site Scripting via Error Message
OLIMPOKS before 3.3.39 allows Auth/Admin ErrorMessage XSS. A remote attacker can use the discovered vulnerability to inject a malicious JavaScript payload into victims’ browsers in the context of the vulnerable application. Executed code can be used to steal administrator’s cookies, influence the HTML content of the targeted application, and perform phishing-related attacks. The vulnerable application is used in more than 3000 organizations in different sectors, from retail to industry.
CVSS 6.1
CVE-2019-13633 NOMISEC MEDIUM WRITEUP
Blinger v.1.0.2519 - Stored Cross-Site Scripting via Communication Channel
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
CVSS 6.1