Bruno Menna

10 exploits, active since Mar 2024
CVE-2024-27703 WRITEUP MEDIUM WRITEUP
Leantime 3.0.6 - XSS
Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.
CVSS 5.4
CVE-2024-27705 WRITEUP HIGH WORKING POC
Leantime v3.0.6 - XSS
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.
CVSS 7.6
CVE-2024-27706 WRITEUP MEDIUM WRITEUP
Huly Platform 0.6.202 - XSS
Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues.
CVSS 6.1
CVE-2024-27707 WRITEUP MEDIUM WORKING POC
Huly Platform <0.6.202 - SSRF
Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.
CVSS 4.3
CVE-2024-28434 WRITEUP HIGH WORKING POC
Twenty - XSS
The CRM platform Twenty is vulnerable to stored cross-site scripting via file upload in version 0.3.0. A crafted SVG file can trigger the execution of JavaScript code.
CVSS 7.6
CVE-2024-28435 WRITEUP MEDIUM WORKING POC
Twenty - SSRF
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.
CVSS 5.4
CVE-2024-29318 WRITEUP MEDIUM WORKING POC
Volmarg Personal Management System 1.4.64 - XSS
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross-site scripting (XSS) via upload of an SVG file with embedded JavaScript code.
CVSS 5.4
CVE-2024-29319 WRITEUP CRITICAL WORKING POC
Volmarg Personal Management System 1.4.64 - SSRF
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading an SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls.
CVSS 9.8
CVE-2024-48448 WRITEUP MEDIUM WORKING POC
Huly Platform <0.6.295 - RCE
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page.
CVSS 6.1
CVE-2024-48450 WRITEUP MEDIUM WORKING POC
Huly Platform <0.6.295 - RCE
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.
CVSS 6.5