Enter of The Tarantula Team, VinCSS (a member of Vingroup)

6 exploits Active since Jul 2019
CVE-2019-12537 WRITEUP MEDIUM WORKING POC
Zohocorp Manageengine Assetexplorer - XSS
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
CVSS 6.1
CVE-2019-12539 WRITEUP MEDIUM WORKING POC
Zohocorp Manageengine Servicedesk Plus - XSS
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
CVSS 6.1
CVE-2019-12540 WRITEUP MEDIUM WORKING POC
Zohocorp Manageengine Servicedesk Plus - XSS
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
CVSS 6.1
CVE-2019-12595 WRITEUP MEDIUM WORKING POC
Zohocorp Manageengine Assetexplorer - XSS
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
CVSS 6.1
CVE-2019-12596 WRITEUP MEDIUM WORKING POC
Zohocorp Manageengine Assetexplorer - XSS
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
CVSS 6.1
CVE-2019-12597 WRITEUP MEDIUM WORKING POC
Zohocorp Manageengine Assetexplorer - XSS
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.
CVSS 6.1