PARAG BAGUL

8 exploits, active since May 2023
CVE-2023-30145 NOMISEC CRITICAL WRITEUP
Tuzitio Camaleon Cms < 2.7.0 - Code Injection
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
7 stars
CVSS 9.8
CVE-2024-41290 NOMISEC HIGH WRITEUP
FlatPress CMS <1.3.1 - Info Disclosure
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
CVSS 8.1
CVE-2024-31835 NOMISEC MEDIUM WRITEUP
Flatpress <1.3 - XSS
A cross-site scripting (XSS) vulnerability in FlatPress CMS v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
CVSS 4.8
CVE-2024-33209 NOMISEC MEDIUM SUSPICIOUS
Flatpress - XSS
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.
CVSS 5.4
CVE-2024-33210 NOMISEC MEDIUM WORKING POC
Flatpress - XSS
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
CVSS 5.4
CVE-2024-25411 NOMISEC MEDIUM WORKING POC
Flatpress <1.3 - XSS
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.
CVSS 6.1
CVE-2024-25412 NOMISEC MEDIUM WORKING POC
Flatpress <1.3 - XSS
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
CVSS 6.1
CVE-2023-30145 EXPLOITDB CRITICAL text WORKING POC
Tuzitio Camaleon Cms < 2.7.0 - Code Injection
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
CVSS 9.8