Captain_hook

3 exploits, active since Jul 2020
CVE-2021-24308 EXPLOITDB MEDIUM text WORKING POC
LifterLMS < 4.21.1 - Stored Cross-Site Scripting via Profile State Field
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low privilege users (such as students) to elevate their privilege via an XSS attack when an admin views their profile.
CVSS 5.4
CVE-2020-14166 EXPLOITDB MEDIUM text WRITEUP
Jira Service Desk < 4.10.0 - Authenticated Stored Cross-Site Scripting via HTML File Upload
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file.
CVSS 4.8
CVE-2021-26078 EXPLOITDB MEDIUM text WORKING POC
Atlassian Jira < 8.5.14, 8.6.0-8.13.6, 8.14.0-8.16.0 - Cross-Site Scripting in Number Range Searcher
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
CVSS 6.1