EUVD-2022-24505

Malicious code in bioql PyPI...

minewebcms 1.15.2 Cross Site Scripting

Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...

CVE-2022-1163

Cross-site Scripting XSS - Stored in GitHub repository mineweb/minewebcms prior to next...

CVE-2022-1163 Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Cross-site Scripting XSS - Stored in GitHub repository mineweb/minewebcms prior to next...

CVE-2022-1163

MineWebCMS (GitHub repo mineweb/minewebcms) 1.15.2 contains a stored Cross-site Scripting (XSS) vulnerability. The issue is triggered by input fields in the admin interface (e.g., Link Name and URL) that accept data from untrusted sources and later render it in pages, enabling script execution in...

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add new Notification with a malicious payload, and upon the user receives the notification, the malicious payload is being executed. Proof of Concept - 1; Log in with any user, who is able to submit notifications - 2; Create a new notification at...

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add a malicious payload as a new Page Title, and after every time any administrative user visits the /admin/pages route, the XSS payload is executed. Proof of Concept 1;Create a new Page at the following route: /admin/pages/add. Use the following payload a...