Maria Kononova

4 exploits Active since Feb 2021
CVE-2021-27187 NOMISEC HIGH WRITEUP
Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 - Cleartext Password Storage
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.
1 stars
CVSS 7.5
CVE-2021-27188 NOMISEC HIGH WRITEUP
Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 - DoS via Excessive Authentication Attempts
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.
1 stars
CVSS 7.5
CVE-2021-3395 NOMISEC MEDIUM WRITEUP
Pryaniki 6.44.3 - Authenticated Stored Cross-Site Scripting via File Upload
A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.
1 stars
CVSS 5.4
CVE-2021-3395 WRITEUP MEDIUM WRITEUP
Pryaniki 6.44.3 - Authenticated Stored Cross-Site Scripting via File Upload
A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.
CVSS 5.4