J4cky1028

7 exploits Active since Apr 2025
CVE-2025-70844 WRITEUP MEDIUM WRITEUP
yaffa 2.0.0 - Stored Cross-Site Scripting via Add Account Group Function
yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.
CVSS 6.1
CVE-2026-29828 WRITEUP MEDIUM WRITEUP
dootask < 1.6.27 - Stored Cross-Site Scripting via Project Description Input
DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc.
CVSS 6.1
CVE-2025-29594 WRITEUP MEDIUM WRITEUP
CS2-WeaponPaints-Website v2.1.7 - XSS
A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure.
CVSS 6.1
CVE-2025-45661 WRITEUP MEDIUM WRITEUP
miniTCG 1.3.1 beta - Cross-Site Scripting via id Parameter
A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute abritrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php.
CVSS 5.9
CVE-2025-45662 WRITEUP MEDIUM WRITEUP
mpgram_web - Cross-Site Scripting in /master/login.php
A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.
CVSS 6.1
CVE-2025-70845 WRITEUP MEDIUM WRITEUP
aidigu 1.9.1 - Stored Cross-Site Scripting in Setting Page Intro Field
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the "intro" field is not properly sanitized or escaped.
CVSS 6.1
CVE-2025-70846 WRITEUP HIGH WRITEUP
aidigu 1.9.1 - Stored Cross-Site Scripting via Password Input Field
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.
CVSS 7.1