Furkan Karaarslan

3 exploits Active since Dec 2025
CVE-2023-54351 EXPLOITDB HIGH text WORKING POC
WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored and executed in the browsers of users viewing the affected playlist pages.
CVSS 7.2
CVE-2023-53904 EXPLOITDB MEDIUM text WORKING POC
Xenforo 2.2.13 - Authenticated Stored Cross-Site Scripting via Smilie Category Title Parameter
Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded, potentially enabling further client-side attacks.
CVSS 4.6
EIP-2026-106527 EXPLOITDB text WORKING POC
Dolibarr Version 17.0.1 - Stored XSS