jaysharma786

7 exploits Active since Apr 2021
CVE-2021-29003 NOMISEC CRITICAL WRITEUP
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - Remote Code Execution via sys_config_valid.xgi
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.
CVSS 9.8
CVE-2023-38303 WRITEUP MEDIUM WRITEUP
Webmin 2.021 - Stored Cross-Site Scripting in Users and Groups Real Name Parameter
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
CVSS 5.4
CVE-2023-38304 WRITEUP MEDIUM WRITEUP
Webmin 2.021 - Stored Cross-Site Scripting in Group Name Field
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
CVSS 5.4
CVE-2023-38307 WRITEUP MEDIUM WRITEUP
Webmin 2.021 - Authenticated Stored Cross-Site Scripting in Users and Groups Real Name Field
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.
CVSS 5.4
CVE-2023-38309 WRITEUP MEDIUM WRITEUP
Webmin 2.021 - Reflected Cross-Site Scripting via Package Search Field
An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
CVSS 6.1
CVE-2023-38310 WRITEUP MEDIUM WRITEUP
Webmin 2.021 - Stored Cross-Site Scripting in System Logs Configuration
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.
CVSS 5.4
CVE-2023-38311 WRITEUP MEDIUM WRITEUP
Webmin 2.021 - Stored Cross-Site Scripting in System Logs Viewer
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.
CVSS 5.4