pradeepjairamani

2 exploits Active since Feb 2018
CVE-2018-6905 NOMISEC MEDIUM WRITEUP
TYPO3 < 8.7.11 and 9.1.0 - Stored Cross-Site Scripting via Site Name Configuration
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
5 stars
CVSS 4.8
CVE-2018-6890 NOMISEC MEDIUM WRITEUP
Wolf CMS 0.8.3.1 - Stored Cross-Site Scripting via Page Editing Feature
Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.
2 stars
CVSS 4.8