AmirZargham - Security Researcher - Exploit Intelligence Platform

CVE-2023-0099 NOMISEC MEDIUM WORKING POC

Simple URLs WP <115 - XSS

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6 stars

CVSS 6.1

View Code

CVE-2024-37383 NOMISEC MEDIUM WORKING POC

Roundcube Webmail < 1.5.7 - XSS

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

CVSS 6.1

View Code

CVE-2024-37383 EXPLOITDB MEDIUM text WORKING POC

Roundcube Webmail < 1.5.7 - XSS

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

CVSS 6.1

View Code

CVE-2022-31470 EXPLOITDB MEDIUM text WORKING POC

Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

CVSS 6.1

View Code