Mehmet Kelepce

4 exploits Active since May 2020
CVE-2020-12629 NOMISEC MEDIUM WORKING POC
osTicket < 1.14.2 - Stored Cross-Site Scripting via SLA Name
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS 5.4
CVE-2020-13094 NOMISEC MEDIUM WORKING POC
Dolibarr < 11.0.4 - Cross-Site Scripting
Dolibarr before 11.0.4 allows XSS.
CVSS 5.4
CVE-2020-36966 EXPLOITDB MEDIUM text WORKING POC
Dolibarr 11.0.3 - Stored Cross-Site Scripting via LDAP Synchronization Parameters
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.
CVSS 6.4
CVE-2020-12629 EXPLOITDB MEDIUM text WORKING POC
osTicket < 1.14.2 - Stored Cross-Site Scripting via SLA Name
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS 5.4