faizzaidi

6 exploits, active since Mar 2017
CVE-2017-8382 NOMISEC MEDIUM WRITEUP
Admidio < 4.1-Beta.1 - CSRF
Admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
3 stars
CVSS 4.5
CVE-2017-9609 NOMISEC MEDIUM WRITEUP
Blackcat CMS 1.2 - XSS
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
2 stars
CVSS 5.4
CVE-2018-6518 NOMISEC MEDIUM WRITEUP
Composr CMS - XSS
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.
2 stars
CVSS 4.8
CVE-2017-11611 NOMISEC MEDIUM WRITEUP
Wolf CMS 0.8.3.1 - XSS
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI).
2 stars
CVSS 5.4
CVE-2017-6370 NOMISEC MEDIUM WRITEUP
TYPO3 - Cleartext Transmission
TYPO3 7.6.15 sends an HTTP request to an index.php?loginProvider URI in cases with an HTTPS Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
2 stars
CVSS 5.3
CVE-2017-7188 NOMISEC MEDIUM WRITEUP
Zurmo 3.1.1 - XSS
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
2 stars
CVSS 5.4