bypazs

14 exploits Active since Feb 2020
CVE-2022-42094 NOMISEC MEDIUM WRITEUP
Backdrop - XSS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
1 stars
CVSS 4.8
CVE-2022-32060 NOMISEC MEDIUM WRITEUP
Snipeitapp Snipe-it - XSS
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
1 stars
CVSS 4.8
CVE-2022-32114 NOMISEC HIGH WRITEUP
Strapi - Unrestricted File Upload
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired.
1 stars
CVSS 8.8
CVE-2022-42096 NOMISEC MEDIUM WRITEUP
Backdropcms Backdrop Cms - XSS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
1 stars
CVSS 4.8
CVE-2022-42098 NOMISEC HIGH WRITEUP
Klik-socialmediawebsite - SQL Injection
KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.
1 stars
CVSS 8.8
CVE-2022-42097 NOMISEC MEDIUM WRITEUP
Backdrop - XSS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'.
1 stars
CVSS 4.8
CVE-2020-0668 NOMISEC HIGH WRITEUP
Microsoft Windows 10 - Incorrect Permission Assignment
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.
1 stars
CVSS 7.8
CVE-2023-26984 NOMISEC HIGH WRITEUP
Peppermint <0.2.4 - Info Disclosure
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
CVSS 8.1
CVE-2023-26982 NOMISEC MEDIUM WRITEUP
Trudesk v1.2.6 - XSS
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
CVSS 5.4
CVE-2023-26982 NOMISEC MEDIUM WRITEUP
Trudesk v1.2.6 - XSS
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
CVSS 5.4
CVE-2022-34962 NOMISEC MEDIUM WRITEUP
Openteknik Open Source Social Network - XSS
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
CVSS 5.4
CVE-2022-34961 NOMISEC MEDIUM WRITEUP
Openteknik Open Source Social Network - XSS
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
CVSS 5.4
CVE-2022-42095 NOMISEC MEDIUM WRITEUP
Backdropcms Backdrop Cms - XSS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
CVSS 4.8
CVE-2022-34963 NOMISEC MEDIUM WRITEUP
Openteknik Open Source Social Network - XSS
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
CVSS 5.4