anh91

5 exploits Active since Aug 2023
CVE-2023-38969 WRITEUP MEDIUM WRITEUP
Badaso 2.9.7 - Stored Cross-Site Scripting via Book Title Parameter
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.
CVSS 5.4
CVE-2023-38970 WRITEUP MEDIUM WRITEUP
Badaso 0.0.1-2.9.7 - Stored Cross-Site Scripting via New Member Name Parameter
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.
CVSS 5.4
CVE-2023-38971 WRITEUP MEDIUM WRITEUP
Badaso < 2.9.7 - Stored Cross-Site Scripting via Rack Number Parameter
Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.
CVSS 5.4
CVE-2023-38973 WRITEUP MEDIUM WRITEUP
Badaso 2.9.7 - Stored Cross-Site Scripting via Add Tag Title Parameter
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVSS 5.4
CVE-2023-38974 WRITEUP MEDIUM WRITEUP
Badaso 2.9.7 - Stored Cross-Site Scripting via Edit Category Title Parameter
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVSS 5.4