CrownZTX

8 exploits Active since Jul 2023
CVE-2023-37785 WRITEUP MEDIUM WRITEUP
Impresscms < 1.4.5 - XSS
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
CVSS 4.8
CVE-2023-37787 WRITEUP MEDIUM WORKING POC
Geeklog - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.
CVSS 4.8
CVE-2023-46058 WRITEUP MEDIUM WRITEUP
Geeklog-Core geeklog <2.2.2 - XSS
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.
CVSS 4.8
CVE-2023-46059 WRITEUP MEDIUM WRITEUP
Geeklog-Core geeklog <2.2.2 - XSS
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.
CVSS 4.8
CVE-2024-30950 WRITEUP LOW WRITEUP
Fudforum - XSS
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
CVSS 3.5
CVE-2024-30951 WRITEUP MEDIUM WRITEUP
Fudforum - XSS
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
CVSS 6.1
CVE-2024-30952 WRITEUP MEDIUM WRITEUP
PESCMS-TEAM <2.3.6 - XSS
A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action.
CVSS 6.1
CVE-2024-30953 WRITEUP MEDIUM WRITEUP
Htmly - XSS
A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module.
CVSS 6.1