Netsparker

5 exploits Active since Jul 2013
CVE-2018-14485 EXPLOITDB CRITICAL text WRITEUP
BlogEngine.NET 3.3 - XML External Entity (XXE)
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
CVSS 9.8
CVE-2013-5020 EXPLOITDB text WORKING POC
MiniBB < 3.0.1 - Cross-Site Scripting via forum_name, forum_group, forum_icon, or forum_desc Parameter
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
CVE-2014-6308 EXPLOITDB text WRITEUP
OsClass < 3.4.2 - Path Traversal via File Parameter in oc-admin/index.php
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
CVE-2018-19782 EXPLOITDB MEDIUM text WRITEUP
FreshRSS 1.11.1 - Cross-Site Scripting via GET Parameters
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
CVSS 6.1
EIP-2026-105992 EXPLOITDB text WORKING POC
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting