syad

6 exploits Active since Aug 2022
CVE-2022-36194 WRITEUP MEDIUM WRITEUP
Centreon 22.04.0 - XSS
Centreon 22.04.0 is vulnerable to Cross-Site Scripting (XSS) in the Pollers > Broker Configuration function, triggered by adding a crafted payload to the name parameter.
CVSS 5.4
CVE-2022-36669 WRITEUP CRITICAL WORKING POC
Hospital Information System - SQL Injection
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVSS 9.8
CVE-2022-37137 WRITEUP MEDIUM WORKING POC
Techvill Paymoney - XSS
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS is obtained by injecting a specially crafted payload into the "Message" field, which is sent as the "description" parameter. The payload then triggers right after the reply is submitted, or when the ticket is opened through the view ticket function.
CVSS 5.4
CVE-2022-37140 WRITEUP HIGH WORKING POC
Techvill Paymoney - Unrestricted File Upload
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through which a malicious file can be uploaded. A calculator opens when a victim who downloads the file opens the RTF file.
CVSS 8.0
EIP-2026-114110 EXPLOITDB text WORKING POC
WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
EIP-2026-113919 EXPLOITDB text WORKING POC
WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)