exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37040
The provided text describes SQL injection and XSS vulnerabilities in osCMax 2.5.0, with an example XSS payload. It lacks executable exploit code but outlines attack vectors.
Classification: Writeup 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the vulnerable endpoint
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37041
The provided text describes multiple SQL injection and XSS vulnerabilities in osCMax 2.5.0, with example URLs demonstrating XSS payloads. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.
Classification: Writeup 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the vulnerable admin endpoint
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37042
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where unsanitized user input in the 'status' parameter of 'stats_monthly_sales.php' allows execution of arbitrary JavaScript code. The example demonstrates a basic XSS payload to steal cookies.
Classification: Writeup 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the vulnerable admin page
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37043
The provided text describes a vulnerability in osCMax 2.5.0, specifically SQL injection and XSS vulnerabilities due to insufficient input sanitization. It includes an example XSS payload but lacks executable exploit code.
Classification: Writeup 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the target URL
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37046
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where user-supplied input is not sufficiently sanitized. The example demonstrates an XSS payload injected via the 'pageTitle' parameter in the admin interface.
Classification: Writeup 90%
Target: osCMax 2.5.0
Auth required
Prerequisites: Access to the admin interface · User interaction or reflected XSS context
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37038
This exploit demonstrates a cross-site scripting (XSS) vulnerability in osCMax 2.5.0 by injecting a malicious script into the username field of a login form. The script executes when processed, potentially stealing cookie-based authentication credentials.
Classification: Working PoC 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the target login page
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37044
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where user-supplied input is not sufficiently sanitized. The example URL demonstrates an XSS payload that could steal cookie-based authentication credentials.
Classification: Writeup 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the vulnerable URL endpoint
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37039
This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in osCMax 2.5.0 by injecting malicious scripts into form fields. The PoC shows how unsanitized input can lead to arbitrary JavaScript execution in the context of the admin panel.
Classification: Working PoC 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the target admin panel URL
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/37045
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where unsanitized user input in the 'zID' parameter allows execution of arbitrary JavaScript. The example demonstrates a basic XSS payload to steal cookies.
Classification: Writeup 90%
Target: osCMax 2.5.0
No auth needed
Prerequisites: Access to the vulnerable admin page