Sergio

39 exploits Active since Sep 2023
CVE-2023-41436 NOMISEC MEDIUM WRITEUP
CSZCMS <1.3.0 - XSS
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.
CVSS 5.4
CVE-2023-43339 NOMISEC MEDIUM WRITEUP
cmsmadesimple <2.2.18 - XSS
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components.
CVSS 6.1
CVE-2023-43340 NOMISEC MEDIUM WRITEUP
Evolution <3.2.3 - XSS
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters
CVSS 5.2
CVE-2023-43341 NOMISEC MEDIUM WRITEUP
Evolution Evo <3.2.3 - XSS
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.
CVSS 6.1
CVE-2023-43342 NOMISEC MEDIUM WRITEUP
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.
CVSS 5.4
CVE-2023-43343 NOMISEC MEDIUM WRITEUP
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.
CVSS 5.4
CVE-2023-43344 NOMISEC MEDIUM WRITEUP
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.
CVSS 5.4
CVE-2023-43345 NOMISEC HIGH WRITEUP
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.
CVSS 8.6
CVE-2023-43346 NOMISEC MEDIUM WRITEUP
opensolution Quick CMS <6.7 - XSS
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.
CVSS 5.4
CVE-2023-43352 NOMISEC HIGH WRITEUP
CMSmadesimple <2.2.18 - RCE
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
CVSS 7.8
CVE-2023-43353 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
CVSS 5.4
CVE-2023-43354 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
CVSS 5.4
CVE-2023-43355 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
CVSS 5.4
CVE-2023-43356 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
CVSS 5.4
CVE-2023-43357 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
CVSS 5.4
CVE-2023-43358 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVSS 5.4
CVE-2023-43359 NOMISEC MEDIUM WORKING POC
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
CVSS 5.4
CVE-2023-43360 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
CVSS 5.4
CVE-2023-43871 NOMISEC MEDIUM WRITEUP
WBCE 1.6.1 - XSS
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVSS 5.4
CVE-2023-43872 NOMISEC MEDIUM WRITEUP
CMSmadesimple <2.2.18 - XSS
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVSS 5.4
CVE-2023-43873 NOMISEC MEDIUM WRITEUP
e017 CMS <2.3.2 - XSS
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.
CVSS 5.4
CVE-2023-43874 NOMISEC MEDIUM WORKING POC
e017 CMS <2.3.2 - XSS
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
CVSS 5.4
CVE-2023-43875 NOMISEC MEDIUM WORKING POC
Subrion CMS <4.2.1 - XSS
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
CVSS 6.1
CVE-2023-43876 NOMISEC MEDIUM WORKING POC
October <3.4.16 - XSS
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
CVSS 5.4
CVE-2023-43877 NOMISEC MEDIUM WRITEUP
Rite CMS 3.0 - XSS
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.
CVSS 4.8