Joe Helle

4 exploits, active since Nov 2020
CVE-2021-37832 NOMISEC CRITICAL WRITEUP
Digitaldruid Hoteldruid - SQL Injection
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
4 stars
CVSS 9.8
CVE-2020-28351 NOMISEC MEDIUM WRITEUP
Mitel Shoretel Firmware - XSS
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
3 stars
CVSS 6.1
CVE-2021-37833 NOMISEC MEDIUM WORKING POC
Digitaldruid Hoteldruid - XSS
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
2 stars
CVSS 6.1
CVE-2020-28351 EXPLOITDB MEDIUM text WORKING POC
Mitel Shoretel Firmware - XSS
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
CVSS 6.1