Security-AVS

6 exploits Active since Oct 2020
CVE-2021-30146 NOMISEC MEDIUM WRITEUP
Seafile 7.0.5 - XSS
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."
2 stars
CVSS 5.4
CVE-2021-29267 NOMISEC MEDIUM WRITEUP
Sherlockim < 2021-03-29 - XSS
Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.
1 star
CVSS 6.1
CVE-2021-26903 NOMISEC MEDIUM WRITEUP
Isida Retriever - XSS
LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text'].
CVSS 6.1
CVE-2021-26904 NOMISEC CRITICAL WRITEUP
Isida Retriever - SQL Injection
LMA ISIDA Retriever 5.2 allows SQL Injection.
CVSS 9.8
CVE-2020-16270 NOMISEC MEDIUM WRITEUP
Olimpok < 3.3.39 - XSS
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. A remote attacker can use the discovered vulnerability to inject a malicious JavaScript payload into victims' browsers in the context of the vulnerable application. Executed code can be used to steal administrators' cookies, influence the HTML content of the targeted application, and perform phishing-related attacks. The vulnerable application is used in more than 3000 organizations in different sectors, from retail to industries.
CVSS 6.1
CVE-2019-13633 NOMISEC MEDIUM WRITEUP
Blinger.io v1.0.2519 - XSS
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
CVSS 6.1