bigzooooz

16 exploits, active since May 2022
CVE-2022-30513 NOMISEC MEDIUM WORKING POC
School Dormitory Management System 1.0 - Reflected Cross-Site Scripting via admin/inc/navigation.php
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125.
2 stars
CVSS 6.1
CVE-2022-28078 NOMISEC MEDIUM WRITEUP
Home Owners Collection Management v1 - Reflected Cross-Site Scripting via Admin Panel Page Parameter
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.
2 stars
CVSS 6.1
CVE-2024-55060 NOMISEC MEDIUM WRITEUP
Rafed CMS Website 1.44 - Cross-Site Scripting via index.php
A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
1 star
CVSS 6.1
CVE-2023-26692 NOMISEC MEDIUM WORKING POC
ZCBS/ZBBS/ZPBS 4.14k - Cross-Site Scripting
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).
1 star
CVSS 6.1
CVE-2022-31295 NOMISEC HIGH WORKING POC
Online Discussion Forum Site 1 - Info Disclosure
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.
1 star
CVSS 7.5
CVE-2022-31296 NOMISEC CRITICAL WRITEUP
Online Discussion Forum Site 1 - SQL Injection
Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.
1 star
CVSS 9.8
CVE-2022-31298 NOMISEC MEDIUM WRITEUP
Haraj 3.7 - Stored Cross-Site Scripting in Ads Comment Section
A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
1 star
CVSS 5.4
CVE-2022-31299 NOMISEC MEDIUM WORKING POC
Haraj 3.7 - Reflected Cross-Site Scripting in User Upgrade Form
Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.
1 star
CVSS 6.1
CVE-2022-31300 NOMISEC MEDIUM WRITEUP
Haraj 3.7 - Cross-Site Scripting in DM Section via POST Request
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
1 star
CVSS 5.4
CVE-2022-31301 NOMISEC MEDIUM WRITEUP
Haraj 3.7 - Stored Cross-Site Scripting in Post Ads Component
Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component.
1 star
CVSS 5.4
CVE-2022-31294 NOMISEC MEDIUM WORKING POC
Online Discussion Forum Site 1 - Info Disclosure
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.
1 star
CVSS 6.5
CVE-2022-30512 NOMISEC CRITICAL WRITEUP
School Dormitory Management System 1.0 - SQL Injection via Payment History Page
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.
1 star
CVSS 9.8
CVE-2022-30514 NOMISEC MEDIUM WORKING POC
School Dormitory Management System 1.0 - Reflected Cross-Site Scripting via admin/inc/navigation.php
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.
1 star
CVSS 6.1
CVE-2022-30511 NOMISEC CRITICAL WRITEUP
School Dormitory Management System 1.0 - SQL Injection via accounts/view_details.php
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.
1 star
CVSS 9.8
CVE-2022-28077 NOMISEC MEDIUM WRITEUP
Home Owners Collection Management v1 - Reflected Cross-Site Scripting via Admin Panel $_GET['s'] Parameter
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
1 star
CVSS 6.1
CVE-2022-30510 NOMISEC CRITICAL WRITEUP
School Dormitory Management System 1.0 - SQL Injection via Daily Collection Report
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.
1 star
CVSS 9.8