Noflag (CHT Security) - Security Researcher - Exploit Intelligence Platform

CVE-2023-36118 WRITEUP MEDIUM WRITEUP

Faculty Evaulation System <1.0 - XSS

Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.

CVSS 5.4

View Code

CVE-2023-37153 WRITEUP MEDIUM WRITEUP

Kodcloud Kodexplorer - XSS

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.

CVSS 6.1

View Code

CVE-2023-39551 WRITEUP CRITICAL WRITEUP

Phpgurukul Online Security Guards Hiring System - SQL Injection

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

CVSS 9.8

View Code

CVE-2023-41471 WRITEUP HIGH WRITEUP

copyparty <1.9.2 - XSS

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.

CVSS 7.8

View Code