Nomisec Exploits

22,796 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-43878 NOMISEC MEDIUM
Rite CMS 3.0 - XSS
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.
by sromanhu
CVSS 5.4
CVE-2023-43877 NOMISEC MEDIUM
Rite CMS 3.0 - XSS
Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.
by sromanhu
CVSS 4.8
CVE-2023-41436 NOMISEC MEDIUM
CSZCMS 1.3.0 - Stored Cross-Site Scripting via Additional Meta Tag Parameter
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.
by sromanhu
CVSS 5.4
CVE-2023-40989 NOMISEC CRITICAL
jeecg-boot < 3.6.0 - SQL Injection via Report Query Field Endpoint
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.
by Zone1-Z
CVSS 9.8
CVE-2023-31719 NOMISEC CRITICAL
FUXA <= 1.1.12 - SQL Injection via /api/signin
FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.
by MateusTesser
CVSS 9.8
CVE-2023-31718 NOMISEC HIGH
FUXA <= 1.1.12 - Local File Inclusion via /api/download
FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.
by MateusTesser
CVSS 7.5
CVE-2023-31717 NOMISEC HIGH
FUXA <= 1.1.12 - SQL Injection
A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.
by MateusTesser
CVSS 7.5
CVE-2023-31716 NOMISEC HIGH
FUXA <= 1.1.12 - Local File Inclusion
FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log
by MateusTesser
CVSS 7.5
CVE-2023-25136 NOMISEC MEDIUM
OpenSSH 9.1 - Unauthenticated Double Free in KEX Algorithms Handling
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
by malvika-thakur
3 stars
CVSS 6.5
CVE-2023-43356 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting in Global Metadata Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.
by sromanhu
CVSS 5.4
CVE-2023-43359 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Page Specific Metadata and Smarty Data Parameters
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
by sromanhu
CVSS 5.4
CVE-2023-43360 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via File Picker Top Directory Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.
by sromanhu
CVSS 5.4
CVE-2023-43354 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting in MicroTiny WYSIWYG Editor Profiles Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.
by sromanhu
CVSS 5.4
CVE-2023-43358 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via News Menu Title Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.
by sromanhu
CVSS 5.4
CVE-2023-43353 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via News Menu Extra Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
by sromanhu
CVSS 5.4
CVE-2023-43357 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via Manage Shortcuts Title Parameter
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.
by sromanhu
CVSS 5.4
CVE-2023-43355 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Cross-Site Scripting via My Preferences Add User Password Parameters
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.
by sromanhu
CVSS 5.4
CVE-2023-43352 NOMISEC HIGH
CMS Made Simple 2.2.18 - Server-Side Template Injection via Content Manager Menu
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
by sromanhu
CVSS 7.8
CVE-2023-43341 NOMISEC MEDIUM
evolution_cms 3.2.3 - Cross-Site Scripting via UID Parameter
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.
by sromanhu
CVSS 6.1
CVE-2023-43340 NOMISEC MEDIUM
evolution_cms 3.2.3 - Cross-Site Scripting via cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfirm Parameters
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters
by sromanhu
CVSS 5.2
CVE-2023-43343 NOMISEC MEDIUM
Quick CMS 6.7 - Stored Cross-Site Scripting via Pages Menu Files Description Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.
by sromanhu
CVSS 5.4
CVE-2023-43345 NOMISEC HIGH
Quick CMS 6.7 - Stored Cross-Site Scripting via Pages Menu Content Name Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.
by sromanhu
CVSS 8.6
CVE-2023-43344 NOMISEC MEDIUM
Quick CMS 6.7 - Stored Cross-Site Scripting via SEO Meta Description Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.
by sromanhu
CVSS 5.4
CVE-2023-43346 NOMISEC MEDIUM
Quick CMS 6.7 - Stored Cross-Site Scripting in Languages Menu Backend Dashboard Parameter
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.
by sromanhu
CVSS 5.4
CVE-2023-43342 NOMISEC MEDIUM
Quick CMS 6.7 - Stored Cross-Site Scripting in Languages Menu Component
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.
by sromanhu
CVSS 5.4