bypazs

14 exploits Active since Feb 2020
CVE-2022-42094 NOMISEC MEDIUM WRITEUP
Backdrop CMS 1.23.0 - Stored Cross-Site Scripting via Card Content
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
1 stars
CVSS 4.8
CVE-2022-32060 NOMISEC MEDIUM WRITEUP
Snipe-IT v6.0.2 - Arbitrary File Upload and Remote Code Execution via Update Branding Settings
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
1 stars
CVSS 4.8
CVE-2022-32114 NOMISEC HIGH WRITEUP
Strapi 4.1.12 - Stored Cross-Site Scripting via PDF Upload in Add New Assets
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired.
1 stars
CVSS 8.8
CVE-2022-42096 NOMISEC MEDIUM WRITEUP
Backdrop CMS 1.23.0 - Stored Cross-Site Scripting via Post Content
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
1 stars
CVSS 4.8
CVE-2022-42098 NOMISEC HIGH WRITEUP
KLiK SocialMediaWebsite v1.0.1 - SQL Injection via profile.php
KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via profile.php.
1 stars
CVSS 8.8
CVE-2022-42097 NOMISEC MEDIUM WRITEUP
Backdrop CMS 1.23.0 - Stored Cross-Site Scripting via Comment
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'.
1 stars
CVSS 4.8
CVE-2020-0668 NOMISEC HIGH WRITEUP
Windows - Elevation of Privilege via Kernel Memory Object Handling
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.
1 stars
CVSS 7.8
CVE-2023-26984 NOMISEC HIGH WRITEUP
Peppermint <0.2.4 - Info Disclosure
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
CVSS 8.1
CVE-2023-26982 NOMISEC MEDIUM WRITEUP
Trudesk v1.2.6 - Stored Cross-Site Scripting via Add Tags Parameter
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
CVSS 5.4
CVE-2023-26982 NOMISEC MEDIUM WRITEUP
Trudesk v1.2.6 - Stored Cross-Site Scripting via Add Tags Parameter
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
CVSS 5.4
CVE-2022-34962 NOMISEC MEDIUM WRITEUP
Open Source Social Network 6.3 - Stored Cross-Site Scripting in Group Timeline Module
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
CVSS 5.4
CVE-2022-34961 NOMISEC MEDIUM WRITEUP
Open Source Social Network 6.3 - Stored Cross-Site Scripting via Users Timeline Module
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
CVSS 5.4
CVE-2022-42095 NOMISEC MEDIUM WRITEUP
Backdrop CMS 1.23.0 - Stored Cross-Site Scripting via Page Content
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
CVSS 4.8
CVE-2022-34963 NOMISEC MEDIUM WRITEUP
Open Source Social Network 6.3 LTS - Stored Cross-Site Scripting via News Feed Module
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
CVSS 5.4