Jackson Henry

3 exploits Active since Apr 2021
CVE-2021-43032 NOMISEC MEDIUM WRITEUP
XenForo < 2.2.7 - Authenticated Stored Cross-Site Scripting via Advertisement HTML Body
In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.
2 stars
CVSS 4.8
CVE-2020-17453 NOMISEC MEDIUM WORKING POC
WSO2 Management Console <5.10 - XSS
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
2 stars
CVSS 6.1
CVE-2020-17453 INTHEWILD MEDIUM WORKING POC
WSO2 Management Console <5.10 - XSS
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
CVSS 6.1