Jelle Janssens

7 exploits Active since Feb 2025
CVE-2025-1184 WRITEUP MEDIUM WRITEUP
PiHome 1.77 - SQL Injection via /ajax.php GetModal_MQTTEdit id Parameter
A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModal_MQTTEdit. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-1185 WRITEUP MEDIUM WRITEUP
PiHome MaxAir - SQL Injection via /ajax.php GetModal_Sensor_Graph Parameter
A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModal_Sensor_Graph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-1213 WRITEUP LOW WRITEUP
PiHome 1.77 - Cross-Site Scripting via PHP_SELF Parameter
A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-1214 WRITEUP MEDIUM WRITEUP
PiHome maxair - Missing Authorization in Role-Based Access Control via /user_accounts.php?uid
A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-1742 WRITEUP MEDIUM WRITEUP
PiHome MaxAir 2.0 - Stored Cross-Site Scripting via /home.php page_name Parameter
A vulnerability, which was classified as problematic, has been found in pihome-shc PiHome 2.0. Affected by this issue is some unknown functionality of the file /home.php. The manipulation of the argument page_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-2130 WRITEUP LOW WRITEUP
OpenXE < 1.12 - Cross-Site Scripting via Ticket Notizen Parameter
A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5
CVE-2025-2715 WRITEUP LOW WRITEUP
timschofield webERP <5.0.0.rc+13 - XSS
A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5