Emirhan Yücel - Security Researcher - Exploit Intelligence Platform

CVE-2025-70958 WRITEUP MEDIUM WRITEUP

Subrion CMS 4.2.1 - Reflected Cross-Site Scripting via Installation Module Parameters

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.

CVSS 6.1

View Code

CVE-2025-70959 WRITEUP MEDIUM WRITEUP

Tendenci CMS 15.3.7 - Stored Cross-Site Scripting in Jobs Module

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

CVSS 5.4

View Code

CVE-2025-70960 WRITEUP MEDIUM WRITEUP

Tendenci CMS 15.3.7 - Stored Cross-Site Scripting in Forums Module

A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

CVSS 5.4

View Code