Davide Bernacchia

7 exploits Active since Apr 2023
CVE-2023-26845 WRITEUP MEDIUM WRITEUP
OpenCATS 0.9.7 - CSRF
A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.
CVSS 4.3
CVE-2023-26846 WRITEUP MEDIUM WRITEUP
OpenCATS <0.9.7 - XSS
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
CVSS 5.4
CVE-2023-26847 WRITEUP MEDIUM WRITEUP
OpenCATS 0.9.7 - XSS
A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
CVSS 5.4
CVE-2024-22643 WRITEUP MEDIUM WRITEUP
SEO Panel 4.10.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.
CVSS 6.5
CVE-2024-22646 WRITEUP MEDIUM WRITEUP
SEO Panel <4.10.0 - Info Disclosure
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
CVSS 5.3
CVE-2024-22647 WRITEUP MEDIUM WRITEUP
SEO Panel 4.10.0 - Info Disclosure
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.
CVSS 5.3
CVE-2024-22648 WRITEUP MEDIUM WRITEUP
SEO Panel <4.10.0 - SSRF
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.
CVSS 5.3