Tushar Vaidya - Security Researcher - Exploit Intelligence Platform

CVE-2021-28002 EXPLOITDB MEDIUM text WORKING POC

Textpattern CMS 4.9.0 - XSS

A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.

CVSS 5.4

View Code

CVE-2021-28001 EXPLOITDB MEDIUM text WORKING POC

Textpattern CMS 4.8.4 - XSS

A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.

CVSS 5.4

View Code

CVE-2021-27822 EXPLOITDB MEDIUM text WORKING POC

Vehicle Parking Management System 1.0 - XSS

A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.

CVSS 4.8

View Code

EIP-2026-109197 EXPLOITDB text WORKING POC

Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)

View Code

EIP-2026-109198 EXPLOITDB text WRITEUP

Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)

View Code