sromanhu

39 exploits Active since Sep 2023
CVE-2023-41436 NOMISEC MEDIUM WRITEUP
CSZCMS 1.3.0 - Stored Cross-Site Scripting via Additional Meta Tag Parameter
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.
CVSS 5.4
CVE-2023-43339 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Database Configuration Parameters
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, Database User or Database Port components.
CVSS 6.1
CVE-2023-43340 NOMISEC MEDIUM WRITEUP
evolution_cms 3.2.3 - Cross-Site Scripting via cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfirm Parameters
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfirm parameters.
CVSS 5.2
CVE-2023-43341 NOMISEC MEDIUM WRITEUP
evolution_cms 3.2.3 - Cross-Site Scripting via UID Parameter
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter.
CVSS 6.1
CVE-2023-43342 NOMISEC MEDIUM WRITEUP
Quick CMS 6.7 - Stored Cross-Site Scripting in Languages Menu Component
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.
CVSS 5.4
CVE-2023-43343 NOMISEC MEDIUM WRITEUP
Quick CMS 6.7 - Stored Cross-Site Scripting via Pages Menu Files Description Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.
CVSS 5.4
CVE-2023-43344 NOMISEC MEDIUM WRITEUP
Quick CMS 6.7 - Stored Cross-Site Scripting via SEO Meta Description Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.
CVSS 5.4
CVE-2023-43345 NOMISEC HIGH WRITEUP
Quick CMS 6.7 - Stored Cross-Site Scripting via Pages Menu Content Name Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.
CVSS 8.6
CVE-2023-43346 NOMISEC MEDIUM WRITEUP
Quick CMS 6.7 - Stored Cross-Site Scripting in Languages Menu Backend Dashboard Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.
CVSS 5.4
CVE-2023-43352 NOMISEC HIGH WRITEUP
CMS Made Simple 2.2.18 - Server-Side Template Injection via Content Manager Menu
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
CVSS 7.8
CVE-2023-43353 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via News Menu Extra Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
CVSS 5.4
CVE-2023-43354 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting in MicroTiny WYSIWYG Editor Profiles Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions - MicroTiny WYSIWYG editor component.
CVSS 5.4
CVE-2023-43355 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Cross-Site Scripting via My Preferences Add User Password Parameters
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
CVSS 5.4
CVE-2023-43356 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting in Global Metadata Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component.
CVSS 5.4
CVE-2023-43357 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Manage Shortcuts Title Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
CVSS 5.4
CVE-2023-43358 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via News Menu Title Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
CVSS 5.4
CVE-2023-43359 NOMISEC MEDIUM WORKING POC
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Page Specific Metadata and Smarty Data Parameters
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
CVSS 5.4
CVE-2023-43360 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via File Picker Top Directory Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
CVSS 5.4
CVE-2023-43871 NOMISEC MEDIUM WRITEUP
WBCE CMS 1.6.1 - Stored Cross-Site Scripting via PDF File Upload
A file upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a PDF file with hidden Cross Site Scripting (XSS).
CVSS 5.4
CVE-2023-43872 NOMISEC MEDIUM WRITEUP
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via PDF File Upload
A file upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a PDF file with hidden Cross Site Scripting (XSS).
CVSS 5.4
CVE-2023-43873 NOMISEC MEDIUM WRITEUP
e107 CMS 2.3.2 - Stored Cross-Site Scripting via Manage Menu Name Field
A Cross Site Scripting (XSS) vulnerability in e107 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu.
CVSS 5.4
CVE-2023-43874 NOMISEC MEDIUM WORKING POC
e107 CMS 2.3.2 - Stored Cross-Site Scripting in Meta & Custom Tags Menu
Multiple Cross Site Scripting (XSS) vulnerabilities in e107 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
CVSS 5.4
CVE-2023-43875 NOMISEC MEDIUM WORKING POC
Subrion CMS 4.2.1 - Reflected Cross-Site Scripting via Installation Parameters
Multiple Cross-Site Scripting (XSS) vulnerabilities in the installation of Subrion CMS v.4.2.1 allow a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail parameters.
CVSS 6.1
CVE-2023-43876 NOMISEC MEDIUM WORKING POC
October CMS 3.4.16 - Cross-Site Scripting via Installation dbhost Field
A Cross-Site Scripting (XSS) vulnerability in the installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
CVSS 5.4
CVE-2023-43877 NOMISEC MEDIUM WRITEUP
Rite CMS 3.0 - XSS
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.
CVSS 4.8