Kelsey Tian

10 exploits | Active since Dec 2023
CVE-2023-50473 | MEDIUM | WRITEUP
Billahmed Qbit Matui - XSS
A Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4 allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file.
CVSS 5.4
CVE-2023-50475 | CRITICAL | WRITEUP
Bcoin - Broken Cryptographic Algorithm
An issue in bcoin-org bcoin version 2.2.0 allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
CVSS 9.1
CVE-2023-50477 | CRITICAL | WRITEUP
Nos Client <0.6.6 - Privilege Escalation
An issue in nos client version 0.6.6 allows remote attackers to escalate privileges via getRPCEndpoint.js.
CVSS 9.8
CVE-2023-50481 | HIGH | WRITEUP
Blinksocks - Broken Cryptographic Algorithm
An issue in blinksocks version 3.3.8 allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.
CVSS 7.5
CVE-2023-51837 | CRITICAL | WRITEUP
Ylianst MeshCentral 1.1.16 - Info Disclosure
Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.
CVSS 9.8
CVE-2023-51838 | HIGH | WRITEUP
Ylianst MeshCentral 1.1.16 - Info Disclosure
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVSS 7.5
CVE-2023-51839 | CRITICAL | WRITEUP
DeviceFarmer stf <3.6.6 - Info Disclosure
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVSS 9.1
CVE-2023-51840 | CRITICAL | WRITEUP
DoraCMS 2.1.8 - Code Injection
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
CVSS 9.8
CVE-2023-51842 | HIGH | WRITEUP
Ylianst MeshCentral <1.1.16 - Info Disclosure
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.
CVSS 7.5
CVE-2023-51843 | HIGH | WRITEUP
react-dashboard 1.4.0 - XSS
react-dashboard 1.4.0 is vulnerable to Cross-Site Scripting (XSS) because httpOnly is not set.
CVSS 8.2