Ilca Lucian Florin

4 exploits Active since Aug 2019
CVE-2020-37235 EXPLOITDB MEDIUM text WRITEUP
WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject base64-encoded script payloads through the ftc_brand_url input field to execute arbitrary JavaScript when users visit the brand page.
CVSS 6.4
EIP-2026-113974 EXPLOITDB text WORKING POC
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
CVE-2019-14974 EXPLOITDB MEDIUM text WRITEUP
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting via desktop_url Parameter
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
CVSS 6.1
EIP-2026-103812 EXPLOITDB text WORKING POC
SAP Lumira 1.31 - Stored Cross-Site Scripting