ellite

3 exploits Active since Feb 2024
CVE-2024-22776 WRITEUP MEDIUM WRITEUP
wallos 0.9-1.2.2 - Stored Cross-Site Scripting in Text-Based Input Fields
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.
CVSS 4.7
CVE-2024-29320 WRITEUP HIGH WRITEUP
wallos < 1.15.3 - SQL Injection via Category and Payment Parameters
Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.
CVSS 8.1
CVE-2025-60535 WRITEUP HIGH WRITEUP
Wallos 4.1.1 - Cross-Site Request Forgery via Currency Endpoint
A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.
CVSS 7.3