YavuzSahbaz

2 exploits Active since May 2022

CVE-2022-28508 WRITEUP MEDIUM WRITEUP

MantisBT < 2.25.2 - Stored Cross-Site Scripting via Unescaped Return Parameter

An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.

CVSS 6.1

View Code

CVE-2022-31402 WRITEUP MEDIUM WRITEUP

iTop 3.0.1 - Cross-Site Scripting via export-v2.php

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.

CVSS 6.1

View Code