Christian Loessl

2 exploits Active since Sep 2023
CVE-2023-37829 WRITEUP MEDIUM WRITEUP
General Solutions Steiner GmbH CASE 3 Taskmanagement 3.3 - Cross-Site Scripting via Notification Message Parameter
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.
CVSS 6.1
CVE-2025-51506 WRITEUP MEDIUM WRITEUP
HRForecast Suite 0.4.3 - Authenticated SQL Injection via valueKey Parameter
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.
CVSS 6.5