Junnair Manla

4 exploits Active since Aug 2022
CVE-2022-28598 NOMISEC MEDIUM WRITEUP
Frappe ERPNext <12.29.0 - XSS
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS 6.1
CVE-2024-41304 WRITEUP MEDIUM WRITEUP
Wondercms - Code Injection
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
CVSS 5.4
CVE-2024-41305 WRITEUP MEDIUM WRITEUP
Wondercms - SSRF
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
CVSS 4.7
CVE-2022-28598 EXPLOITDB MEDIUM text WRITEUP
Frappe ERPNext <12.29.0 - XSS
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS 6.1