paragbagul111

9 exploits Active since May 2023
CVE-2023-30145 NOMISEC CRITICAL WRITEUP
Camaleon CMS < 2.7.0 - Server-Side Template Injection via Formats Parameter
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
7 stars
CVSS 9.8
CVE-2024-48652 NOMISEC MEDIUM WRITEUP
camaleon_cms 2.7.5 - Stored Cross-Site Scripting via Content Group Name Field
A cross-site scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field.
CVSS 4.8
CVE-2024-33209 NOMISEC MEDIUM SUSPICIOUS
FlatPress v1.3 - Stored Cross-Site Scripting in Add New Entry Section
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.
CVSS 5.4
CVE-2024-31835 NOMISEC MEDIUM WRITEUP
flatpress < 1.3 - Cross-Site Scripting via File Name Parameter
A cross-site scripting vulnerability in FlatPress CMS v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
CVSS 4.8
CVE-2024-33210 NOMISEC MEDIUM WORKING POC
Flatpress 1.3 - Stored Cross-Site Scripting
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
CVSS 5.4
CVE-2024-41290 NOMISEC HIGH WRITEUP
FlatPress CMS <1.3.1 - Info Disclosure
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
CVSS 8.1
CVE-2024-25412 NOMISEC MEDIUM WORKING POC
Flatpress < 1.3 - Cross-Site Scripting via Email Field
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
CVSS 6.1
CVE-2024-25411 NOMISEC MEDIUM WORKING POC
Flatpress < 1.3 - Cross-Site Scripting via Username Parameter in setup.php
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.
CVSS 6.1
CVE-2024-48652 WRITEUP MEDIUM WORKING POC
camaleon_cms 2.7.5 - Stored Cross-Site Scripting via Content Group Name Field
A cross-site scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field.
CVSS 4.8