Okan Kurtulus

6 exploits Active since Jan 2023
CVE-2021-47783 EXPLOITDB MEDIUM text WORKING POC
phpwcms 1.9.30 - Authenticated Unrestricted Upload of Dangerous File via SVG File Upload
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
CVSS 5.4
CVE-2024-48120 EXPLOITDB MEDIUM WORKING POC
X2CRM 8.5 - Authenticated Stored Cross-Site Scripting in Opportunities Module Name Field
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.
CVSS 5.4
EIP-2026-111298 EXPLOITDB text WORKING POC
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
EIP-2026-110016 EXPLOITDB text WORKING POC
October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2024-46528 EXPLOITDB MEDIUM WRITEUP
KubeSphere 3.x-3.4.1, 3.x-3.5.0, 4.x<4.1.3 - Authenticated Insecure Direct Object Reference
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
CVSS 4.3
CVE-2022-41441 EXPLOITDB MEDIUM text WORKING POC
reqlogic 11.3 - Cross-Site Scripting via POBatch and WaitDuration Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
CVSS 6.1