Enter of The Tarantula Team, VinCSS (a member of Vingroup)

6 exploits Active since Jul 2019
CVE-2019-12537 WRITEUP MEDIUM WORKING POC
ManageEngine AssetExplorer - Stored Cross-Site Scripting via SearchN.do Search Field
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
CVSS 6.1
CVE-2019-12539 WRITEUP MEDIUM WORKING POC
Zoho ManageEngine ServiceDesk Plus - Stored Cross-Site Scripting via Purchase Search Field
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
CVSS 6.1
CVE-2019-12540 WRITEUP MEDIUM WORKING POC
Zoho ManageEngine ServiceDesk Plus 10.5 - Stored Cross-Site Scripting via WorkOrder.do Search Field
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
CVSS 6.1
CVE-2019-12595 WRITEUP MEDIUM WORKING POC
ManageEngine AssetExplorer - Stored Cross-Site Scripting via RCSettings.do rdsName Parameter
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
CVSS 6.1
CVE-2019-12596 WRITEUP MEDIUM WORKING POC
ManageEngine AssetExplorer - Stored Cross-Site Scripting via SoftwareListView.do swType or swComplianceType Parameter
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
CVSS 6.1
CVE-2019-12597 WRITEUP MEDIUM WORKING POC
ManageEngine AssetExplorer - Stored Cross-Site Scripting via ResourcesAttachments.jsp pageName Parameter
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.
CVSS 6.1