5 matches found
EUVD-2017-2959
Malware in sbrugna...
EUVD-2021-27290
Malware in sbrugna...
gps-server.net GPS Tracking Software 3.0 Code Injection / Password Reset
Exploit Title: GPS-SERVER.NET SAAS CMS. Unfortunately each and every POST request in the CMS is going through the function mysql_real_escape_string, which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...
Concrete CMS: Stored XSS in Name field in User Groups/Group Details form
Intro: "The Crayons of Madagascar". Type of issue: Core CMS issue. Level of severity: Internal Attack Vector. Concrete5 version: 8.2.0 RC2 rev. 32c9daf352645d4fafedb7b956e7f2de4e153ab3. Summary: There is a Stored XSS vulnerability in the User Groups-Group Details Name field. This vulnerability might be used ...
Concrete CMS: Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ]
Intro: Luke, I am your Crayons! Type of issue: Core CMS issue. Level of severity: Internal Attack Vector. Concrete5 version: 8.1.0. Summary: There is a Stored XSS vulnerability in the Headline element of the TextControl Express element. This vulnerability allows a malicious user to embed JavaScript code and execu...