Sahar Shlichove

2 exploits Active since Nov 2023

CVE-2023-4771 NOMISEC MEDIUM WRITEUP

CKEditor < 4.15.1 - Cross-Site Scripting via /ckeditor/samples/old/ajax.html

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.

2 stars

CVSS 6.1

View Code

CVE-2023-40297 NOMISEC HIGH WRITEUP

Stakater Forecastle < 1.0.139 - Path Traversal via URL-Encoded Backslash

Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.

CVSS 7.5

View Code