g33xter

2 exploits Active since Jul 2020

CVE-2020-9496 NOMISEC MEDIUM WORKING POC

Apache OFBiz 17.12.03 - Deserialization of Untrusted Data and Cross-Site Scripting via XML-RPC Requests

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

7 stars

CVSS 6.1

View Code

CVE-2021-28079 NOMISEC MEDIUM WORKING POC

jamovi <= 1.6.18 - Stored Cross-Site Scripting via Column Name in .omv File

Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered.

4 stars

CVSS 6.1

View Code