MTK

8 exploits Active since Nov 2018
CVE-2019-25263 EXPLOITDB MEDIUM text WRITEUP
Zendesk SweetHawk Survey 1.6 - XSS
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.
CVSS 6.4
CVE-2019-16120 EXPLOITDB HIGH text WORKING POC
WordPress Event Tickets <4.10.7.2 - Code Injection
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.
CVSS 8.8
CVE-2019-15501 EXPLOITDB MEDIUM text WORKING POC
Lsoft Listserv < 16.5-2018a - XSS
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
CVSS 6.1
CVE-2019-6780 EXPLOITDB MEDIUM text WORKING POC
Kaine Wise Chat < 2.7 - Open Redirect
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
CVSS 6.1
CVE-2018-19287 EXPLOITDB MEDIUM text WORKING POC
Ninja Forms <3.3.18 - XSS
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
CVSS 6.1
CVE-2019-16119 EXPLOITDB CRITICAL text WORKING POC
10Web Photo Gallery <1.5.35 - SQL Injection
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
CVSS 9.8
CVE-2019-16118 EXPLOITDB MEDIUM text WRITEUP
10Web Photo Gallery <1.5.35 - XSS
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
CVSS 6.1
CVE-2019-16117 EXPLOITDB MEDIUM text WRITEUP
10Web Photo Gallery <1.5.35 - XSS
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
CVSS 6.1