j5s

7 exploits Active since Dec 2020
CVE-2020-36932 EXPLOITDB MEDIUM text WORKING POC
SeaCMS 11.1 - Stored Cross-Site Scripting via Checkuser Parameter
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.
CVSS 6.1
CVE-2020-36956 EXPLOITDB MEDIUM text WORKING POC
Openfire < 4.6.0 - Stored Cross-Site Scripting via NodeJS Plugin Path Parameter
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
CVSS 6.4
CVE-2020-35202 EXPLOITDB MEDIUM text WORKING POC
Ignite Realtime Openfire 4.6.0 - Stored Cross-Site Scripting in DB Access Plugin
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
CVSS 5.4
CVE-2020-35201 EXPLOITDB MEDIUM text WORKING POC
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
CVSS 5.4
CVE-2020-35199 EXPLOITDB MEDIUM text WORKING POC
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
CVSS 5.4
EIP-2026-104423 EXPLOITDB text WORKING POC
Seacms 11.1 - 'file' Local File Inclusion
EIP-2026-104424 EXPLOITDB text WORKING POC
Seacms 11.1 - 'ip and weburl' Remote Command Execution