Chandler Johnson

10 exploits Active since Jan 2026
CVE-2026-26721 HIGH WRITEUP
Key Systems GFMS 20230721a - Info Disclosure
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter.
CVSS 7.1
CVE-2026-26722 CRITICAL WRITEUP
Key Systems GFMS 20230721a - Privilege Escalation
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via the PIN component of the login functionality.
CVSS 9.4
CVE-2026-26723 HIGH WRITEUP
Key Systems GFMS 20230721a - XSS
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter.
CVSS 8.2
CVE-2026-26724 HIGH WRITEUP
Key Systems GFMS 20230721a - XSS
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint.
CVSS 7.6
CVE-2026-26725 CRITICAL WRITEUP
Print Shop Pro WebDesk 18.34 - Privilege Escalation
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter.
CVSS 9.8
CVE-2025-61546 CRITICAL WRITEUP
Print Shop Pro WebDesk <19.69 - RCE
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables a remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.
CVSS 9.1
CVE-2025-61547 MEDIUM WRITEUP
Edu Business Solutions Print Shop Pro WebDesk <19.76 - CSRF
Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates.
CVSS 6.8
CVE-2025-61548 CRITICAL WRITEUP
edu Business Solutions Print Shop Pro WebDesk <19.69 - SQL Injection
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands.
CVSS 9.8
CVE-2025-61549 MEDIUM WRITEUP
Print Shop Pro WebDesk <19.76 - XSS
Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the context of a victim's browser session.
CVSS 6.1
CVE-2025-61550 MEDIUM WRITEUP
edu Business Solutions Print Shop Pro WebDesk <19.69 - XSS
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions.
CVSS 5.4