Tin Pham

2 exploits Active since May 2022
CVE-2021-31673 EXPLOITDB MEDIUM text WRITEUP
Cyclos 4.0.0-4.14.7 - DOM-Based Cross-Site Scripting via Registration GroupId Parameter
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.
CVSS 6.1
CVE-2021-31674 EXPLOITDB MEDIUM text WORKING POC
Cyclos 4.0.0-4.14.7 - Unauthenticated DOM-Based Cross-Site Scripting via Undefined Enum Constant
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
CVSS 6.1