Hemant Patidar (HemantSolo)

11 exploits Active since Aug 2020
CVE-2020-29230 WRITEUP MEDIUM WRITEUP
EGavilanMedia User Registration and Login System 1.0 - Stored XSS in Admin Panel
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
CVSS 6.1
CVE-2020-29231 WRITEUP MEDIUM WRITEUP
EGavilanMedia User Registration and Login System With Admin Panel 1...
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers.
CVSS 5.4
CVE-2020-35240 WRITEUP MEDIUM WRITEUP
FluxBB 1.5.11 - Stored Cross-Site Scripting in Blog Content
FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
CVSS 4.8
CVE-2020-36960 EXPLOITDB MEDIUM text WORKING POC
Forma LMS < 2.3 - Stored Cross-Site Scripting via User Profile First and Last Name Fields
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users.
CVSS 6.4
CVE-2020-29233 EXPLOITDB MEDIUM text WORKING POC
WonderCMS 3.1.3 - Stored Cross-Site Scripting in Page Description
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.
CVSS 5.4
CVE-2020-29469 EXPLOITDB MEDIUM text WORKING POC
WonderCMS 3.1.3 - Stored Cross-Site Scripting in Menu Component
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the crafted payload.
CVSS 5.4
CVE-2020-24609 EXPLOITDB MEDIUM text WORKING POC
Savsoft Quiz < 5.5 - Stored Cross-Site Scripting in User Registration
TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.
CVSS 6.1
CVE-2020-29470 EXPLOITDB MEDIUM text WORKING POC
OpenCart 3.0.3.6 - Stored Cross-Site Scripting in Mail Subject Field
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
CVSS 4.8
CVE-2020-29471 EXPLOITDB MEDIUM text WRITEUP
OpenCart 3.0.3.6 - Stored Cross-Site Scripting via Profile Image Upload
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.
CVSS 4.8
CVE-2020-29475 EXPLOITDB MEDIUM text WORKING POC
nopCommerce Store 4.30 - Stored Cross-Site Scripting in Schedule Tasks Name Field
nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
CVSS 4.8
CVE-2020-29477 EXPLOITDB MEDIUM text WORKING POC
Invision Community 4.5.4 - Stored Cross-Site Scripting in Field Name
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
CVSS 4.8