faizzaidi

6 exploits, active since Mar 2017
CVE-2017-8382 NOMISEC MEDIUM WRITEUP
admidio 3.2.8 - Cross-Site Request Forgery in Members Function Module
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
3 stars
CVSS 4.5
CVE-2017-9609 NOMISEC MEDIUM WRITEUP
Blackcat CMS 1.2 - Authenticated Cross-Site Scripting via map_language Parameter
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
2 stars
CVSS 5.4
CVE-2018-6518 NOMISEC MEDIUM WRITEUP
Composr CMS 10.0.13 - Cross-Site Scripting via site_name Parameter
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.
2 stars
CVSS 4.8
CVE-2017-11611 NOMISEC MEDIUM WRITEUP
Wolf CMS 0.8.3.1 - Stored Cross-Site Scripting via File and Directory Name in File Manager Plugin
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI).
2 stars
CVSS 5.4
CVE-2017-6370 NOMISEC MEDIUM WRITEUP
TYPO3 7.6.15 - Cleartext Transmission of Sensitive Information via Login Provider Request
TYPO3 7.6.15 sends an HTTP request to an index.php?loginProvider URI in cases with an HTTPS Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
2 stars
CVSS 5.3
CVE-2017-7188 NOMISEC MEDIUM WRITEUP
Zurmo < 3.1.1 - Cross-Site Scripting via Base64-Encoded SCRIPT Element in returnUrl Parameter
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
2 stars
CVSS 5.4