AmirZargham

4 exploits Active since Jun 2022
CVE-2023-0099 NOMISEC MEDIUM WORKING POC
Simple URLs < 115 - Reflected Cross-Site Scripting
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6 stars
CVSS 6.1
CVE-2024-37383 NOMISEC MEDIUM WORKING POC
Roundcube Webmail < 1.5.7 and 1.6.x < 1.6.7 - Cross-Site Scripting via SVG Animate Attributes
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
CVSS 6.1
CVE-2024-37383 EXPLOITDB MEDIUM text WORKING POC
Roundcube Webmail < 1.5.7 and 1.6.x < 1.6.7 - Cross-Site Scripting via SVG Animate Attributes
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
CVSS 6.1
CVE-2022-31470 EXPLOITDB MEDIUM text WORKING POC
Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
CVSS 6.1