SANU P.L - Security Researcher - Exploit Intelligence Platform

CVE-2024-34568 NOMISEC MEDIUM WORKING POC

Themeqx LetterPress <= 1.2.1 - Stored Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1.

1 stars

CVSS 5.9

View Code

CVE-2021-45744 NOMISEC MEDIUM WRITEUP

Bludit < 3.13.1 - Stored Cross-Site Scripting via Tags Field

A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.

1 stars

CVSS 5.4

View Code

CVE-2021-46067 NOMISEC CRITICAL WORKING POC

In Vehicle Service Management System 1.0 - Info Disclosure

In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.

1 stars

CVSS 9.8

View Code

CVE-2021-46068 NOMISEC MEDIUM WORKING POC

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46069 NOMISEC MEDIUM WRITEUP

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46070 NOMISEC MEDIUM WRITEUP

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46071 NOMISEC MEDIUM WRITEUP

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46072 NOMISEC MEDIUM WORKING POC

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46072 NOMISEC MEDIUM WORKING POC

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46073 NOMISEC MEDIUM WRITEUP

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46074 NOMISEC MEDIUM WRITEUP

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.

1 stars

CVSS 4.8

View Code

CVE-2021-46075 NOMISEC HIGH WRITEUP

Sourcecodester Vehicle Service Mgmt 1.0 - Privilege Escalation

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.

1 stars

CVSS 7.2

View Code

CVE-2021-46076 NOMISEC HIGH WORKING POC

Sourcecodester Vehicle Service Management System 1.0 - Code Injection

Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution.

1 stars

CVSS 8.8

View Code

CVE-2021-46078 NOMISEC MEDIUM WRITEUP

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.

1 stars

CVSS 4.8

View Code

CVE-2021-46079 NOMISEC HIGH WRITEUP

Sourcecodester Vehicle Service Mgmt 1.0 - File Upload

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.

1 stars

CVSS 7.2

View Code

CVE-2021-46080 NOMISEC MEDIUM WRITEUP

Vehicle Service Management System 1.0 - CSRF

A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.

1 stars

CVSS 4.8

View Code

CVE-2021-45745 NOMISEC MEDIUM WRITEUP

Bludit < 3.13.1 - Stored Cross-Site Scripting in About Plugin

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.

1 stars

CVSS 5.4

View Code

CVE-2021-45745 NOMISEC MEDIUM WRITEUP

Bludit < 3.13.1 - Stored Cross-Site Scripting in About Plugin

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.

CVSS 5.4

View Code

CVE-2021-46073 NOMISEC MEDIUM WORKING POC

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.

CVSS 4.8

View Code

CVE-2021-46067 NOMISEC CRITICAL WORKING POC

In Vehicle Service Management System 1.0 - Info Disclosure

In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.

CVSS 9.8

View Code

CVE-2021-46078 NOMISEC MEDIUM WORKING POC

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.

CVSS 4.8

View Code

CVE-2021-46068 NOMISEC MEDIUM WORKING POC

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.

CVSS 4.8

View Code

CVE-2021-46074 NOMISEC MEDIUM WORKING POC

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.

CVSS 4.8

View Code

CVE-2021-46069 NOMISEC MEDIUM WORKING POC

Vehicle Service Management System 1.0 - XSS

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.

CVSS 4.8

View Code

CVE-2021-46080 NOMISEC MEDIUM WRITEUP

Vehicle Service Management System 1.0 - CSRF

A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.

CVSS 4.8

View Code