Nguyen-Trung-Kien

10 exploits Active since Jan 2022
CVE-2021-46253 WRITEUP MEDIUM WORKING POC
Anchor CMS <0.12.7 - XSS
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
CVSS 5.4
CVE-2021-46458 WRITEUP HIGH WRITEUP
Victor CMS v1.0 - SQL Injection
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter.
CVSS 7.5
CVE-2021-46459 WRITEUP HIGH WRITEUP
Victor CMS v1.0 - SQL Injection
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or user_email parameters.
CVSS 7.5
CVE-2022-24226 WRITEUP HIGH STUB
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVSS 7.5
CVE-2022-24585 WRITEUP MEDIUM WRITEUP
PluXml 5.8.7 - XSS
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
CVSS 5.4
CVE-2022-24586 WRITEUP MEDIUM WRITEUP
PluXml <5.8.7 - XSS
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVSS 5.4
CVE-2022-24587 WRITEUP MEDIUM STUB
PluXml 5.8.7 - XSS
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
CVSS 5.4
CVE-2022-24588 WRITEUP MEDIUM STUB
Flatpress <1.2.1 - XSS
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
CVSS 5.4
CVE-2022-24589 WRITEUP MEDIUM WRITEUP
Burden v3.0 - XSS
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter.
CVSS 6.1
CVE-2022-24590 WRITEUP MEDIUM WRITEUP
BackdropCMS <1.21.1 - XSS
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.
CVSS 5.4