Guilherme Rubert

6 exploits Active since Apr 2020
CVE-2020-9461 NOMISEC MEDIUM WRITEUP
Octech Oempro < 4.11 - XSS
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.
2 stars
CVSS 5.4
CVE-2020-9460 NOMISEC MEDIUM WRITEUP
Octech Oempro < 4.11 - XSS
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.
1 stars
CVSS 5.4
CVE-2020-12696 NOMISEC MEDIUM WRITEUP
WordPress <4.5 - XSS
The iframe plugin before 4.5 for WordPress does not sanitize a URL.
CVSS 6.1
CVE-2020-14965 NOMISEC MEDIUM WRITEUP
TP-Link TL-WR740N/ND v4 - XSS
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.
CVSS 4.8
CVE-2020-9460 INTHEWILD MEDIUM WRITEUP
Octech Oempro < 4.11 - XSS
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.
CVSS 5.4
CVE-2020-9461 INTHEWILD MEDIUM WRITEUP
Octech Oempro < 4.11 - XSS
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.
CVSS 5.4