Bruno Menna

10 exploits, active since Mar 2024
CVE-2024-27703 WRITEUP MEDIUM WRITEUP
Leantime 3.0.6 - Cross-Site Scripting via To-Do Title Parameter
A cross-site scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.
CVSS 5.4
CVE-2024-27705 WRITEUP HIGH WORKING POC
Leantime 3.0.6 - Stored Cross-Site Scripting via PDF File Upload
A cross-site scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code by uploading a crafted PDF file to the files/browse endpoint.
CVSS 7.6
CVE-2024-27706 WRITEUP MEDIUM WRITEUP
Huly Platform 0.6.202 - Stored Cross-Site Scripting via SVG File Upload
A cross-site scripting vulnerability in Huly Platform v0.6.202 allows attackers to execute arbitrary code by uploading a crafted SVG file to issues.
CVSS 6.1
CVE-2024-27707 WRITEUP MEDIUM WORKING POC
Huly Platform 0.6.202 - Server-Side Request Forgery via SVG File Upload
A server-side request forgery (SSRF) vulnerability in hcengineering Huly Platform v0.6.202 allows attackers to run arbitrary code by uploading a crafted SVG file.
CVSS 4.3
CVE-2024-28434 WRITEUP HIGH WORKING POC
Twenty 0.3.0 - Stored Cross-Site Scripting via SVG File Upload
The CRM platform Twenty is vulnerable to stored cross-site scripting via file upload in version 0.3.0. A crafted SVG file can trigger the execution of JavaScript code.
CVSS 7.6
CVE-2024-28435 WRITEUP MEDIUM WORKING POC
Twenty CRM 0.3.0 - Server-Side Request Forgery via File Upload
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.
CVSS 5.4
CVE-2024-29318 WRITEUP MEDIUM WORKING POC
Volmarg Personal Management System 1.4.64 - XSS
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross-site scripting (XSS) via upload of an SVG file with embedded JavaScript code.
CVSS 5.4
CVE-2024-29319 WRITEUP CRITICAL WORKING POC
Volmarg Personal Management System 1.4.64 - SSRF
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (server-side request forgery) via upload of an SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls.
CVSS 9.8
CVE-2024-48448 WRITEUP MEDIUM WORKING POC
Huly Platform 0.6.295 - Arbitrary File Upload and Remote Code Execution via Tracker Comments Page
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code by uploading a crafted HTML file into the tracker comments page.
CVSS 6.1
CVE-2024-48450 WRITEUP MEDIUM WORKING POC
Huly Platform 0.6.295 - Arbitrary File Upload and Remote Code Execution via Crafted HTML File
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code by uploading a crafted HTML file into a chat group.
CVSS 6.5