navsec

4 exploits
Active since Dec 2022
CVE-2022-45326 GITHUB MEDIUM python WORKING POC
Kwoksys Information Server < 2.9.5 - XXE
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.
CVSS 4.9
CVE-2023-6128 GITHUB MEDIUM python WORKING POC
GitHub salesagility/suitecrm <7.14.2-8.4.2 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS 5.4
CVE-2023-6130 GITHUB HIGH python WORKING POC
salesagility/suitecrm <7.14.2-8.4.2 - Path Traversal
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS 8.8
CVE-2023-6131 GITHUB HIGH python WORKING POC
salesagility/suitecrm <7.14.2-8.4.2 - Code Injection
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS 8.8