mkelepce

4 exploits Active since May 2020
CVE-2020-12629 NOMISEC MEDIUM WORKING POC
osTicket < 1.14.2 - Stored Cross-Site Scripting via SLA Name
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS 5.4
CVE-2020-13094 NOMISEC MEDIUM WORKING POC
Dolibarr < 11.0.4 - Cross-Site Scripting
Dolibarr before 11.0.4 allows XSS.
CVSS 5.4
CVE-2020-13424 NOMISEC MEDIUM WORKING POC
XCloner < 3.5.4 - Authenticated Local File Disclosure
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.
CVSS 6.5
CVE-2020-13996 NOMISEC HIGH WORKING POC
J2Store < 3.3.13 - Authenticated SQL Injection
The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager.
CVSS 8.8