Emre Aslan

5 exploits Active since Nov 2020
CVE-2020-37236 EXPLOITDB MEDIUM text WORKING POC
NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that execute when news items are viewed by other users.
CVSS 6.4
CVE-2020-29070 WRITEUP MEDIUM WRITEUP
osCommerce 2.3.4.1 - Authenticated Stored Cross-Site Scripting in Newsletter Title
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVSS 4.8
CVE-2020-29364 WRITEUP MEDIUM WRITEUP
NetArt News Lister 1.0.0 - Stored Cross-Site Scripting in News Headlines
In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles.
CVSS 4.8
EIP-2026-110377 EXPLOITDB text WORKING POC
osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
EIP-2026-105652 EXPLOITDB text WORKING POC
Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)