Jainil Borisagar

4 exploits Active since Sep 2025
CVE-2025-57483 NOMISEC HIGH WRITEUP
tawk.to chatbox widget v4 - Reflected Cross-Site Scripting via Vulnerable Parameter
A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary JavaScript in the context of the user's browser by injecting a crafted payload into the vulnerable parameter.
1 stars
CVSS 8.1
CVE-2025-65518 NOMISEC HIGH WRITEUP
Plesk Obsidian 8.0.1-18.0.73 - Unauthenticated Denial of Service via get_password.php Endpoint
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.
CVSS 7.5
CVE-2025-57483 WRITEUP HIGH WRITEUP
tawk.to chatbox widget v4 - Reflected Cross-Site Scripting via Vulnerable Parameter
A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary JavaScript in the context of the user's browser by injecting a crafted payload into the vulnerable parameter.
CVSS 8.1
CVE-2025-65518 WRITEUP HIGH WRITEUP
Plesk Obsidian 8.0.1-18.0.73 - Unauthenticated Denial of Service via get_password.php Endpoint
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance.
CVSS 7.5