MTK

8 exploits Active since Nov 2018
CVE-2019-25263 EXPLOITDB MEDIUM text WRITEUP
Zendesk App SweetHawk Survey 1.6 - Stored Cross-Site Scripting via Support Ticket Submission
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.
CVSS 6.4
CVE-2019-16120 EXPLOITDB HIGH text WORKING POC
WordPress Event Tickets <4.10.7.2 - Code Injection
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post > Ticketed > Attendees" Export Attendees feature.
CVSS 8.8
CVE-2019-15501 EXPLOITDB MEDIUM text WORKING POC
LISTSERV < 16.5-2018a - Reflected Cross-Site Scripting via OK Parameter
Reflected cross-site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
CVSS 6.1
CVE-2019-6780 EXPLOITDB MEDIUM text WORKING POC
Wise Chat < 2.7 - Open Redirect via External Link Handling
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
CVSS 6.1
CVE-2018-19287 EXPLOITDB MEDIUM text WORKING POC
Ninja Forms < 3.3.18 - Cross-Site Scripting via Submissions Page Parameters
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows remote attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
CVSS 6.1
CVE-2019-16119 EXPLOITDB CRITICAL text WORKING POC
10Web Photo Gallery <1.5.35 - SQL Injection
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
CVSS 9.8
CVE-2019-16118 EXPLOITDB MEDIUM text WRITEUP
10web Photo Gallery < 1.5.35 - Cross-Site Scripting via Options.php
Cross-site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
CVSS 6.1
CVE-2019-16117 EXPLOITDB MEDIUM text WRITEUP
10web Photo Gallery < 1.5.35 - Cross-Site Scripting via Galleries.php
Cross-site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
CVSS 6.1