purple-WL

3 exploits Active since Jan 2019
CVE-2022-21661 NOMISEC HIGH WORKING POC
Wordpress < 3.7.37 - SQL Injection
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
17 stars
CVSS 8.0
CVE-2022-39197 NOMISEC MEDIUM WRITEUP
Helpsystems Cobalt Strike < 4.7.1 - XSS
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
1 stars
CVSS 6.1
CVE-2019-1003000 NOMISEC HIGH WORKING POC
Script Security Plugin <1.49 - RCE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
1 stars
CVSS 8.8