Guilherme Rubert

6 exploits Active since Apr 2020
CVE-2020-9461 NOMISEC MEDIUM WRITEUP
Octech Oempro 4.7-4.11 - Authenticated Stored Cross-Site Scripting via Media.CreateFolder FolderName Parameter
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.
2 stars
CVSS 5.4
CVE-2020-9460 NOMISEC MEDIUM WRITEUP
Oempro 4.7-4.11 - Authenticated Cross-Site Scripting via CampaignName Parameter
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.
1 stars
CVSS 5.4
CVE-2020-12696 NOMISEC MEDIUM WRITEUP
iframe < 4.5 - Cross-Site Scripting via URL Parameter
The iframe plugin before 4.5 for WordPress does not sanitize a URL.
CVSS 6.1
CVE-2020-14965 NOMISEC MEDIUM WRITEUP
TP-Link TL-WR740N and TL-WR740ND - Stored Cross-Site Scripting via Access Control Settings
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.
CVSS 4.8
CVE-2020-9460 INTHEWILD MEDIUM WRITEUP
Oempro 4.7-4.11 - Authenticated Cross-Site Scripting via CampaignName Parameter
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.
CVSS 5.4
CVE-2020-9461 INTHEWILD MEDIUM WRITEUP
Octech Oempro 4.7-4.11 - Authenticated Stored Cross-Site Scripting via Media.CreateFolder FolderName Parameter
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.
CVSS 5.4