LoRexxar - Security Researcher - Exploit Intelligence Platform

CVE-2020-18657 WRITEUP MEDIUM WRITEUP

GetSimpleCMS <= 3.3.15 - Cross-Site Scripting via redirect_url Parameter

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.

CVSS 6.1

View Code

CVE-2020-18658 WRITEUP MEDIUM WRITEUP

GetSimpleCMS <= 3.3.15 - Cross-Site Scripting via Timezone Parameter

Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.

CVSS 6.1

View Code

CVE-2020-18659 WRITEUP MEDIUM WRITEUP

GetSimpleCMS <= 3.3.15 - Cross-Site Scripting via Setup Parameters

Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php

CVSS 6.1

View Code

CVE-2020-18660 WRITEUP MEDIUM WRITEUP

GetSimpleCMS <=3.3.15 - Open Redirect

GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.

CVSS 6.1

View Code

CVE-2020-18664 WRITEUP MEDIUM WRITEUP

WebPort <= 1.19.1 - Stored Cross-Site Scripting via Connection Name Parameter

Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the connection name parameter in type-conn.

CVSS 5.4

View Code

CVE-2020-18665 WRITEUP MEDIUM WRITEUP

WebPort <= 1.19.1 - Path Traversal in System Settings Tags

Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings.

CVSS 5.3

View Code

CVE-2020-18667 WRITEUP CRITICAL WRITEUP

WebPort <= 1.19.1 - SQL Injection via New Connection Parameter

SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.

CVSS 9.8

View Code

CVE-2020-18668 WRITEUP MEDIUM WRITEUP

web_port < 1.19.1 - Stored Cross-Site Scripting via Description Parameter

Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls.

CVSS 5.4

View Code

CVE-2019-11229 EXPLOITDB HIGH python WORKING POC

Gitea < 1.7.6 and 1.8.x < 1.8-RC3 - Remote Code Execution via Mirror Repository URL Mishandling

models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.

CVSS 8.8

View Code