J4cky1028

7 exploits Active since Apr 2025
CVE-2025-70844 WRITEUP MEDIUM WRITEUP
yaffa 2.0.0 - XSS
yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.
CVSS 6.1
CVE-2026-29828 WRITEUP MEDIUM WRITEUP
DooTask 1.6.27 - XSS
DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc.
CVSS 6.1
CVE-2025-29594 WRITEUP MEDIUM WRITEUP
CS2-WeaponPaints-Website v2.1.7 - XSS
A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure.
CVSS 6.1
CVE-2025-45661 WRITEUP MEDIUM WRITEUP
Heavenspell Minitcg - XSS
A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute abritrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php.
CVSS 5.9
CVE-2025-45662 WRITEUP MEDIUM WRITEUP
Nnproject Mpgram Web - XSS
A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.
CVSS 6.1
CVE-2025-70845 WRITEUP MEDIUM WRITEUP
lty628 aidigu v1.9.1 - XSS
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) exists in the /setting/ page where the "intro" field is not properly sanitized or escaped.
CVSS 6.1
CVE-2025-70846 WRITEUP HIGH WRITEUP
lty628 aidigu 1.9.1 - XSS
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.
CVSS 7.1