partywavesec

6 exploits, active since Aug 2024
CVE-2024-42845 NOMISEC HIGH WORKING POC
InVesalius 3.1.99991 through 3.1.99998 - Code Injection via eval() in DICOM Reader
An eval() injection vulnerability in invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code when a user loads a crafted DICOM file.
3 stars
CVSS 8.0
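As an added illustration (not InVesalius's code, and not the actual pattern in dicom.py, which this page does not show): why passing a DICOM tag value through eval() is code execution, beside the safe parse. The minimal part-10 writer/reader, the "convert a multi-valued DS string with eval()" pattern, the tag chosen (ImagePositionPatient) and both files are constructed for this example.

```python
# Added illustration (not InVesalius's code): eval() on a DICOM tag value versus
# a strict parse. Everything below is constructed for the example.
import struct

IMAGE_POSITION_PATIENT = (0x0020, 0x0032)   # DS VR, three backslash-separated decimals
EXECUTED = []                                # marker the crafted file appends to


def build_dicom(elements):
    """Build a minimal DICOM part-10 file: 128-byte preamble, 'DICM', then
    explicit-VR little-endian elements (group, element, VR, value). Only VRs
    with a 2-byte length field (DS, LO, CS, ...) are used here."""
    body = b""
    for group, elem, vr, value in elements:
        if len(value) % 2:
            value += b" "            # DICOM pads values to even length
        body += struct.pack("<HH", group, elem) + vr + struct.pack("<H", len(value)) + value
    return b"\x00" * 128 + b"DICM" + body


def read_elements(blob):
    """Parse a file produced by build_dicom back into {(group, elem): str}."""
    if blob[128:132] != b"DICM":
        raise ValueError("not a DICOM part-10 file")
    pos, tags = 132, {}
    while pos < len(blob):
        group, elem = struct.unpack_from("<HH", blob, pos)
        length = struct.unpack_from("<H", blob, pos + 6)[0]
        value = blob[pos + 8:pos + 8 + length]
        tags[(group, elem)] = value.decode("ascii").rstrip(" \x00")
        pos += 8 + length
    return tags


def image_position_unsafe(tags):
    """Vulnerable pattern (hypothetical): eval() turns "x\\y\\z" into a tuple of
    numbers, but it evaluates whatever Python the file author wrote there
    (a real payload would be along the lines of __import__('os').system(...))."""
    return eval(tags[IMAGE_POSITION_PATIENT].replace("\\", ","))


def image_position_safe(tags):
    """Fixed pattern: split the DS multi-value as the standard defines it and
    let float() reject anything that is not a decimal literal."""
    parts = tags[IMAGE_POSITION_PATIENT].split("\\")
    if len(parts) != 3:
        raise ValueError("ImagePositionPatient needs exactly 3 values")
    return tuple(float(p) for p in parts)


# Constructed inputs: a normal file and one whose tag value is Python code.
BENIGN = build_dicom([(0x0020, 0x0032, b"DS", b"-12.5\\30.0\\7.25")])
MALICIOUS = build_dicom([(0x0020, 0x0032, b"DS", b"EXECUTED.append('pwned') or 0\\0\\0")])


def demo():
    """Run both parsers over both files and report what each did."""
    EXECUTED.clear()
    result = {
        "benign_unsafe": image_position_unsafe(read_elements(BENIGN)),
        "benign_safe": image_position_safe(read_elements(BENIGN)),
        "malicious_unsafe": image_position_unsafe(read_elements(MALICIOUS)),
        "side_effect": list(EXECUTED),   # proves the crafted file ran code
    }
    try:
        image_position_safe(read_elements(MALICIOUS))
        result["malicious_safe"] = "accepted"
    except ValueError:
        result["malicious_safe"] = "rejected"
    return result


if __name__ == "__main__":
    print(demo())
```

The crafted value still yields a plausible-looking (0, 0, 0) from the eval() path, so the application would carry on loading the image after the payload ran; the float() path raises on the first non-numeric component and never evaluates anything.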
CVE-2024-54819 NOMISEC CRITICAL WORKING POC
I, Librarian <= 5.11.1 - Server-Side Request Forgery via Improper Input Validation
I, Librarian 5.11.1 and earlier is vulnerable to server-side request forgery (SSRF) because of improper input validation in classes/security/validation.php.
1 star
CVSS 9.1
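As an added example (not I, Librarian's code, and not a reconstruction of validation.php, which the page does not show): the kind of outbound-URL check a validation layer needs, with a weak prefix check beside a strict one. The allowlist, the host names and the DNS table are constructed assumptions.

```python
# Added illustration (not I, Librarian's code): weak versus strict SSRF guard.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"api.crossref.org", "export.doi.org", "mirror.example.org"}   # hypothetical


def is_safe_url_weak(url):
    """Weak check: a string prefix. It accepts 'https://api.crossref.org.evil.test/'
    and 'https://api.crossref.org@169.254.169.254/', both of which fetch elsewhere."""
    return url.startswith("https://api.crossref.org") or url.startswith("http://export.doi.org")


def is_safe_url(url, resolver=socket.getaddrinfo):
    """Strict check: parse the URL, compare the real host name against an
    allowlist, then resolve it and refuse any non-global address (loopback,
    RFC 1918, link-local 169.254.0.0/16 where cloud metadata lives, ...)."""
    try:
        parts = urlsplit(url)
        port = parts.port                       # raises ValueError on "host:abc"
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    if parts.username is not None or parts.password is not None:
        return False                            # "allowed-host@real-target" tricks
    host = parts.hostname                       # lower-cased, brackets stripped
    if host is None or host not in ALLOWED_HOSTS:
        return False
    if port not in (None, 80, 443):
        return False
    try:
        addrs = resolver(host, None)
    except socket.gaierror:
        return False
    if not addrs:
        return False
    for _family, _type, _proto, _canon, sockaddr in addrs:
        if not ipaddress.ip_address(sockaddr[0]).is_global:
            return False                        # allowlisted name pointing inside
    return True


# Constructed DNS table standing in for socket.getaddrinfo, so this runs offline.
FAKE_DNS = {
    "api.crossref.org": "93.184.216.34",
    "export.doi.org": "93.184.216.35",
    "mirror.example.org": "10.0.0.5",          # allowlisted name that resolves internally
}


def fake_resolver(host, port):
    """getaddrinfo-shaped lookup over the constructed table."""
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (FAKE_DNS[host], port or 0))]


def check_examples():
    """Return {url: (weak_verdict, strict_verdict)} for a set of probe URLs."""
    urls = [
        "https://api.crossref.org/works/10.1000/182",
        "https://api.crossref.org.evil.test/",
        "https://api.crossref.org@169.254.169.254/latest/meta-data/",
        "http://127.0.0.1:8080/admin",
        "https://mirror.example.org/",
        "file:///etc/passwd",
    ]
    return {u: (is_safe_url_weak(u), is_safe_url(u, resolver=fake_resolver)) for u in urls}


if __name__ == "__main__":
    for url, (weak, strict) in check_examples().items():
        print(f"weak={weak!s:5} strict={strict!s:5} {url}")
```

The resolution step is still a check-then-use gap against DNS rebinding: connect to the address that was vetted (pass it to the HTTP client rather than re-resolving), and either refuse redirects or run the same check on every redirect target.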
CVE-2024-55557 NOMISEC CRITICAL WORKING POC
Weasis 4.5.1 - Use of Hard-coded Credentials in ProxyPrefView
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 encrypts stored proxy credentials with a hard-coded symmetric key, so anyone who can read the application binary can recover the key and decrypt them.
1 star
CVSS 9.8
CVE-2024-42346 NOMISEC HIGH SUSPICIOUS
Galaxy < 24.1.1 - Stored Cross-Site Scripting via Visualization Editor
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The visualization editor (the /visualizations endpoint) can be used to store HTML tags and trigger JavaScript execution on a later edit operation. All supported branches of Galaxy (and older branches back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.
1 star
CVSS 7.6
CVE-2025-55816 NOMISEC MEDIUM WRITEUP
HotelDruid <= 3.0.7 - Cross-Site Scripting in /modifica_app.php
HotelDruid 3.0.7 and earlier is vulnerable to cross-site scripting (XSS) in the /modifica_app.php file.
CVSS 6.1
CVE-2026-25860 WRITEUP MEDIUM WRITEUP
OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM metadata fields. An attacker can craft a DICOM file with JavaScript payloads in fields such as Study Description; when the file is processed through the Upload DICOM images feature, those values are reflected without sanitization by popup.jsp and archiving/uploadfiles_jsp.java.
CVSS 6.1
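As an added example for the three XSS entries above (Galaxy, HotelDruid and OpenClinic GA; not code from any of those projects): an attacker-controlled DICOM field rendered raw beside the same field rendered through output escaping. The metadata, the two page fragments and the payloads are constructed; the fix is the same whether the value is reflected from an upload or stored and shown later, because escaping belongs at the point of output.

```python
# Added illustration (not code from Galaxy, HotelDruid or OpenClinic GA):
# reflected DICOM metadata, unescaped versus escaped at output time.
import html

# Constructed metadata "read from an uploaded DICOM file". The attacker controls
# every field, so one payload targets element text and one an attribute value.
UPLOADED = {
    "PatientName": "DOE^JOHN",
    "StudyDescription": "CT CHEST <script>alert(document.cookie)</script>",
    "SeriesDescription": 'Axial" onmouseover="alert(1)',
}


def render_unsafe(meta):
    """Vulnerable: raw interpolation into HTML text and into an attribute."""
    return (
        f'<div class="study">{meta["StudyDescription"]}</div>\n'
        f'<input type="text" name="series" value="{meta["SeriesDescription"]}">'
    )


def render_safe(meta):
    """Fixed: html.escape(quote=True) on every value at the point of output.
    With quotes escaped too, the attribute cannot be closed early."""
    study = html.escape(meta["StudyDescription"], quote=True)
    series = html.escape(meta["SeriesDescription"], quote=True)
    return (
        f'<div class="study">{study}</div>\n'
        f'<input type="text" name="series" value="{series}">'
    )


def has_injected_markup(page):
    """Crude comparison check: does a tag or a stray event-handler attribute
    from the payloads survive as live markup?"""
    return "<script>" in page or 'onmouseover="' in page


if __name__ == "__main__":
    print(render_unsafe(UPLOADED))
    print()
    print(render_safe(UPLOADED))
```

Escaping must match the context (HTML text and double-quoted attributes here; URL or JavaScript contexts need their own encoders), and a Content-Security-Policy that disallows inline script limits what a missed sink can do.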