Daniel Puente

CVE-2023-43884 WRITEUP MEDIUM WRITEUP

Subrion 4.2.1 - Stored Cross-Site Scripting via Reference ID Parameter

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.

CVSS 5.4

View Code

CVE-2024-25873 WRITEUP MEDIUM WRITEUP

Enhavo 0.13.1 - Cross-Site Scripting in Blockquote Author Text Field

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

CVSS 5.4

View Code

CVE-2024-25874 WRITEUP MEDIUM WRITEUP

Enhavo CMS 0.13.1 - Stored Cross-Site Scripting via Create Tag Text Field

A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.

CVSS 5.4

View Code

CVE-2024-25875 WRITEUP MEDIUM WRITEUP

Enhavo CMS 0.13.1 - Stored Cross-Site Scripting in Header Undertitle Field

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.

CVSS 6.1

View Code

CVE-2024-25876 WRITEUP MEDIUM WRITEUP

Enhavo CMS 0.13.1 - Stored Cross-Site Scripting in Header Module Title Field

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

CVSS 6.1

View Code