Captain_hook

3 exploits Active since Jul 2020
CVE-2021-24308 EXPLOITDB MEDIUM text WORKING POC
Lifterlms < 4.21.1 - XSS
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low-privilege users (such as students) to elevate their privileges via an XSS attack when an admin views their profile.
CVSS 5.4
CVE-2020-14166 EXPLOITDB MEDIUM text WRITEUP
Atlassian Jira Service Desk < 4.10.0 - XSS
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file.
CVSS 4.8
CVE-2021-26078 EXPLOITDB MEDIUM text WORKING POC
Atlassian Data Center < 8.5.14 - XSS
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
CVSS 6.1