Marian-Razvan Ilisanu

2 exploits Active since Feb 2022

CVE-2022-23861 NOMISEC MEDIUM WRITEUP

Y Soft SAFEQ 6 Build 53 - XSS

Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

1 stars

CVSS 5.4

View Code

CVE-2021-46362 NOMISEC CRITICAL WRITEUP

Magnolia <6.2.3 - RCE

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

CVSS 9.8

View Code