Numan OZDEMIR

4 exploits Active since Sep 2018
CVE-2019-12095 EXPLOITDB HIGH text WORKING POC
Horde Groupware < 5.2.22 - Cross-Site Request Forgery via treanBookmarkTags Parameter
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
CVSS 8.8
CVE-2019-12094 EXPLOITDB MEDIUM text WORKING POC
Horde Groupware Webmail Edition <5.2.22 - XSS
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
CVSS 6.1
CVE-2018-17128 EXPLOITDB MEDIUM text WRITEUP
MyBB < 1.8.19 - Stored Cross-Site Scripting via Video MyCode in Visual Editor
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
CVSS 5.4
CVE-2018-18548 EXPLOITDB MEDIUM text WRITEUP
AjentiCP < 1.2.23.13 - Cross-Site Scripting via File Manager Filename
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
CVSS 6.1