onurcangnc

2 exploits, active since Sep 2025
CVE-2025-57520 NOMISEC MEDIUM WRITEUP
Decap CMS < 3.8.3 - Stored Cross-Site Scripting in Content Preview Pane
A cross-site scripting (XSS) vulnerability exists in Decap CMS through 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user views the preview panel. The vulnerability affects multiple input vectors and does not require user interaction beyond viewing the affected content.
CVSS 6.1
CVE-2025-10878 NOMISEC CRITICAL WRITEUP
Fikir Odalari AdminPando < 1.0.1 - Unauthenticated SQL Injection via Login Parameters
A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).
CVSS 10.0