Timo Sarkar

CVE-2023-44915 WRITEUP HIGH WRITEUP

c3crm <= 3.0.4 - Cross-Site Scripting via Login Error Parameter

A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter.

CVSS 7.1

View Code

CVE-2025-22917 WRITEUP MEDIUM WRITEUP

Audemium ERP <= 0.9.0 - Reflected Cross-Site Scripting via 'type' Parameter

A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php.

CVSS 5.4

View Code