CrownZTX

9 exploits, active since Jul 2023
CVE-2023-37786 WRITEUP MEDIUM WRITEUP
Geeklog 2.2.2 - Stored Cross-Site Scripting via Mail Settings Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of /admin/configuration.php.
CVSS 4.8
CVE-2023-37785 WRITEUP MEDIUM WRITEUP
ImpressCMS < 1.4.5 - Cross-Site Scripting via Smile Code Parameter in Edit Profile
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.
CVSS 4.8
CVE-2023-37787 WRITEUP MEDIUM WORKING POC
Geeklog 2.2.2 - Stored Cross-Site Scripting via Rule and Route Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.
CVSS 4.8
CVE-2023-46058 WRITEUP MEDIUM WRITEUP
Geeklog 2.2.2 - Stored Cross-Site Scripting via grp_desc Parameter in admin/group.php
A cross-site scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.
CVSS 4.8
CVE-2023-46059 WRITEUP MEDIUM WRITEUP
Geeklog 2.2.2 - Cross-Site Scripting via Service and Website URL Parameters in admin/trackback.php
A cross-site scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service and Website URL to Ping parameters of the admin/trackback.php component.
CVSS 4.8
CVE-2024-30950 WRITEUP LOW WRITEUP
FUDforum 3.1.3 - Stored Cross-Site Scripting via SQL Statements Field
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
CVSS 3.5
CVE-2024-30951 WRITEUP MEDIUM WRITEUP
FUDforum v3.1.3 - Reflected Cross-Site Scripting via chpos Parameter
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
CVSS 6.1
CVE-2024-30952 WRITEUP MEDIUM WRITEUP
PESCMS-TEAM 2.3.6 - Stored Cross-Site Scripting via Domain Input Field
A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action.
CVSS 6.1
CVE-2024-30953 WRITEUP MEDIUM WRITEUP
htmly 2.9.5 - Stored Cross-Site Scripting via Menu Editor Link Name Parameter
A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of the Menu Editor module.
CVSS 6.1