Luka Safonov

2 exploits Active since Oct 2020
CVE-2020-16270 NOMISEC MEDIUM WRITEUP
Olimpok < 3.3.39 - XSS
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. A remote attacker can use the discovered vulnerability to inject a malicious JavaScript payload into victims' browsers in the context of the vulnerable application. The executed code can be used to steal the administrator's cookies, influence the HTML content of the targeted application, and perform phishing-related attacks. The vulnerable application is used in more than 3000 organizations in different sectors, from retail to industry.
CVSS 6.1
CVE-2019-13633 NOMISEC MEDIUM WRITEUP
Blinger.io v1.0.2519 - XSS
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
CVSS 6.1