Noflag (CHT Security) - Security Researcher - Exploit Intelligence Platform

CVE-2023-36118 WRITEUP MEDIUM WRITEUP

Faculty Evaulation System <1.0 - XSS

Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.

CVSS 5.4

View Code

CVE-2023-37153 WRITEUP MEDIUM WRITEUP

KodExplorer 4.51 - Stored Cross-Site Scripting in Light App Description Field

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.

CVSS 6.1

View Code

CVE-2023-39551 WRITEUP CRITICAL WRITEUP

Online Security Guards Hiring System 1.0 - SQL Injection via Admin Search Endpoint

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

CVSS 9.8

View Code

CVE-2023-41471 WRITEUP HIGH WRITEUP

copyparty < 1.9.2 - Cross-Site Scripting via WEEKEND-PLANS Function

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.

CVSS 7.8

View Code