maikroservice

4 exploits Active since Sep 2021
CVE-2022-43332 NOMISEC MEDIUM WRITEUP
WonderCMS 3.3.4 - Stored Cross-Site Scripting via Site Title Field
A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.
2 stars
CVSS 6.1
CVE-2022-3949 NOMISEC LOW WRITEUP
Simple Cashiering System - Cross-Site Scripting via User Account Handler Fullname Parameter
A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455.
1 stars
CVSS 3.5
CVE-2021-40373 NOMISEC CRITICAL WORKING POC
playSMS < 1.4.5 - Arbitrary Code Execution via Core Main Config PHP Injection
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
1 stars
CVSS 9.8
CVE-2022-3942 NOMISEC MEDIUM WRITEUP
Sanitization Management System - Cross-Site Scripting in Request Quote Page
A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.
CVSS 4.3