Marc Mahlke

9 exploits Active since Sep 2023
CVE-2022-44349 WRITEUP MEDIUM WRITEUP
NAVBLUE S.A.S N-Ops & Crew <22.5-rc.50 - XSS
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS).
CVSS 5.4
CVE-2023-37826 WRITEUP MEDIUM WRITEUP
General Solutions Steiner GmbH CASE 3 Taskmanagement 3.3 - Cross-Site Scripting via Fieldname Parameter
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter.
CVSS 6.1
CVE-2023-37827 WRITEUP MEDIUM WRITEUP
General Solutions Steiner GmbH CASE 3 Taskmanagement 3.3 - Cross-Site Scripting via executionBlockName Parameter
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter.
CVSS 6.1
CVE-2023-37828 WRITEUP MEDIUM WRITEUP
General Solutions Steiner GmbH CASE 3 Taskmanagement 3.3 - Cross-Site Scripting via Tasktyp Parameter
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter.
CVSS 6.1
CVE-2023-37829 WRITEUP MEDIUM WRITEUP
General Solutions Steiner GmbH CASE 3 Taskmanagement 3.3 - Cross-Site Scripting via Notification Message Parameter
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.
CVSS 6.1
CVE-2023-37830 WRITEUP MEDIUM WRITEUP
General Solutions Steiner GmbH CASE 3 Taskmanagement 3.3 - Cross-Site Scripting via Name Parameter
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
CVSS 6.1
CVE-2024-51122 WRITEUP MEDIUM WRITEUP
Zertificon Z1 SecureMail <3.16.4-2516-debian12 - XSS
Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516-debian12 alllows a remote attacker to execute arbitrary code via the ST, L, O, OU, CN parameters.
CVSS 6.1
CVE-2024-51123 WRITEUP HIGH WRITEUP
Zertificon Z1 SecureMail <4.44.2-7240-debian12 - Info Disclosure
An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component.
CVSS 7.5
CVE-2025-51506 WRITEUP MEDIUM WRITEUP
HRForecast Suite 0.4.3 - Authenticated SQL Injection via valueKey Parameter
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.
CVSS 6.5