Joost Vondeling

3 exploits Active since Apr 2019
CVE-2020-36988 EXPLOITDB MEDIUM text WRITEUP
PDW File Browser < 1.3 - Authenticated Stored and Reflected Cross-Site Scripting via File Rename and Path Parameters
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
CVSS 5.4
CVE-2020-36973 EXPLOITDB MEDIUM text WORKING POC
PDW File Browser 1.3 - Authenticated Remote Code Execution via Webshell Upload and Rename
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
CVSS 6.5
CVE-2019-11504 EXPLOITDB MEDIUM text WRITEUP
Zotonic < 0.47.0 - Cross-Site Scripting in mod_admin
Zotonic before version 0.47 has mod_admin XSS.
CVSS 4.8