Mehmet Kelepce - Security Researcher - Exploit Intelligence Platform

CVE-2020-12629 NOMISEC MEDIUM WORKING POC

osTicket <1.14.2 - XSS

include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.

CVSS 5.4

View Code

CVE-2020-13094 NOMISEC MEDIUM WORKING POC

Dolibarr <11.0.4 - XSS

Dolibarr before 11.0.4 allows XSS.

CVSS 5.4

View Code

CVE-2020-36966 EXPLOITDB MEDIUM text WORKING POC

Dolibarr 11.0.3 - XSS

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.

CVSS 6.4

View Code

CVE-2020-12629 EXPLOITDB MEDIUM text WORKING POC

osTicket <1.14.2 - XSS

include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.

CVSS 5.4

View Code