Daniel Puente - Security Researcher - Exploit Intelligence Platform

CVE-2023-43884 WRITEUP MEDIUM WRITEUP

Subrion v4.2.1 - XSS

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.

CVSS 5.4

View Code

CVE-2024-25873 WRITEUP MEDIUM WRITEUP

Enhavo - Basic XSS

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

CVSS 5.4

View Code

CVE-2024-25874 WRITEUP MEDIUM WRITEUP

Enhavo - XSS

A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.

CVSS 5.4

View Code

CVE-2024-25875 WRITEUP MEDIUM WRITEUP

Enhavo - XSS

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.

CVSS 6.1

View Code

CVE-2024-25876 WRITEUP MEDIUM WRITEUP

Enhavo - XSS

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

CVSS 6.1

View Code