Catalin Iovita

6 exploits, active since Jul 2024
CVE-2024-39123 NOMISEC MEDIUM WRITEUP
janeczku Calibre-Web 0.6.0-0.6.21 - Cross-Site Scripting in Edit Book Comments
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross-Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
2 stars
CVSS 5.4
CVE-2024-39123 WRITEUP MEDIUM WRITEUP
janeczku Calibre-Web 0.6.0-0.6.21 - Cross-Site Scripting in Edit Book Comments
In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross-Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.
CVSS 5.4
CVE-2024-57716 WRITEUP HIGH WRITEUP
AutoQueryable 1.7.0 - Exposure of Sensitive Information via Unselectable Function
An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function.
CVSS 7.5
CVE-2025-26127 WRITEUP MEDIUM WRITEUP
FileCloud 23.241.2 - Stored Cross-Site Scripting via Send for Approval Function
A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 5.0
EIP-2026-104264 EXPLOITDB text WRITEUP
Gitea 1.22.0 - Stored XSS
EIP-2026-104191 EXPLOITDB text WRITEUP
Calibre-web 0.6.21 - Stored XSS