SunCSR (Sun* Cyber Security Research)

8 exploits Active since May 2020
CVE-2020-37019 EXPLOITDB MEDIUM text WORKING POC
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS 6.4
CVE-2020-25343 EXPLOITDB MEDIUM text WORKING POC
Symphony CMS 3.0.0 - Stored Cross-Site Scripting via Event Publish Article Body Field
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML through the fields['body'] parameter via events\event.publish_article.php.
CVSS 5.4
CVE-2020-11530 EXPLOITDB CRITICAL text WORKING POC
idangero chop_slider - Blind SQL Injection via id GET Parameter
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
CVSS 9.8
EIP-2026-113472 EXPLOITDB text WORKING POC
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting
EIP-2026-113763 EXPLOITDB text WORKING POC
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
EIP-2026-111748 EXPLOITDB python WORKING POC
Responsive FileManager 9.13.4 - 'path' Path Traversal
CVE-2020-12706 EXPLOITDB MEDIUM text WORKING POC
PHP-Fusion 9.03.50 - Cross-Site Scripting via FAQ or Shoutbox Admin Panel go Parameter
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php.
CVSS 5.4
CVE-2020-12707 EXPLOITDB MEDIUM text WORKING POC
LeptonCMS 4.5.0 - Stored Cross-Site Scripting via Event Handler Injection
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
CVSS 6.1