Kislay Kumar

6 exploits Active since Jan 2021
CVE-2020-37240 EXPLOITDB MEDIUM text WORKING POC
Queue Management System 4.0.0 Stored XSS via Add User
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page.
CVSS 6.4
CVE-2020-36954 EXPLOITDB MEDIUM text WRITEUP
Xeroneit Library Management System 3.1 - XSS
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded.
CVSS 6.4
CVE-2020-36011 EXPLOITDB MEDIUM text WRITEUP
QDOCS Smart Hospital Management System 3.1 - Stored Cross-Site Scripting via Add Patient Form
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
CVSS 4.8
CVE-2020-35263 EXPLOITDB CRITICAL text WRITEUP
EgavilanMedia User Registration & Login System 1.0 - SQL Injection in Admin Panel
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.
CVSS 9.8
EIP-2026-109623 EXPLOITDB text WRITEUP
Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS
EIP-2026-109111 EXPLOITDB text WRITEUP
Library Management System 3.0 - _Add Category_ Stored XSS