
13 matches found

GithubExploit
added 2026/05/26 1:25 p.m., 43 views

Exploit for OS Command Injection in Olivetin

cve-2025-50946 Exploit script for CVE-2025-50946...

6.5 CVSS, 5.8 AI score, 0.01985 EPSS
Exploits 2
GithubExploit
added 2026/05/25 8:14 a.m., 55 views

Exploit for Prototype Pollution in Substack Minimist

CVE-2020-7598 - Prototype Pollution in minimist Disclaimer...

6.8 CVSS, 6.1 AI score, 0.00189 EPSS
Exploits 2
OSV
added 2026/04/14 11:23 p.m., 2 views

GHSA-26WG-9XF2-Q495 Novu has a XSS sanitization bypass

Summary: XSS sanitization is incomplete, some attributes are missing such as oncontentvisibilityautostatechange=. This allows for the email preview to render HTML that executes arbitrary JavaScript. Details: Sanitization is implemented here:...

8.1 CVSS, 6 AI score
Exploits 0, References 2
Github Security Blog
added 2026/02/23 10:15 p.m., 2 views

Craft CMS has Stored XSS in Table Field via "HTML" Column Type

A stored Cross-site Scripting (XSS) vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...

5.9 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/01/31 12:30 a.m., 4 views

EUVD-2020-30934

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...

5.4 CVSS, 6.1 AI score, 0.00026 EPSS
Exploits 1, References 5
NVD
added 2026/01/28 6:16 p.m., 4 views

CVE-2020-36945

WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '' OR '1'='1' in both username and password fields to gain unauthorized access to...

8.8 CVSS, 0.0046 EPSS
Exploits 0, References 4
Snyk
added 2025/05/14 7:46 a.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the confKey parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting a malicious payload into this parameter. Note: This is only exploitable if the...

7.6 CVSS, 5.6 AI score, 0.00172 EPSS
Exploits 1, References 2
Exploit DB
added 2025/04/18 12:00 a.m., 212 views

Apache Commons Text 1.10.0 - Remote Code Execution

Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Software Link: https://repo1.maven.org/maven2/org/apache/commons/commons-text/ Version: Apache...

9.8 CVSS, 7.4 AI score, 0.94251 EPSS
Exploits 41
Packet Storm
added 2025/03/14 12:00 a.m., 208 views

Application Accounts Manager 1.0 Cross Site Scripting

Application Accounts Manager version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS on application-accounts-manager 1.0 Date: 03.14.2025 Exploit Author: Ümit AYAZ Vendor Homepage: www.sourcecodester.com Software Link:...

6.6 AI score
Exploits 0
Positive Technologies
added 2024/05/27 12:00 a.m., 1 views

PT-2024-40322 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: silverstripe/framework affected versions not specified Description: The issue concerns an XSS vulnerability in the Page name of silverstripe/framework. It can be triggered by a payload such as ", which results in an XSS alert. Recommendations...

6.1 CVSS, 6.1 AI score
Exploits 0, References 5
Packet Storm
added 2019/06/25 12:00 a.m., 94 views

WordPress Live Chat Unlimited 2.8.3 Cross Site Scripting

Exploit Title: Live Chat Unlimited v2.8.3 Stored XSS Injection Google Dork: inurl:"wp-content/plugins/screets-lcx" Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: https://screets.com/ Software Link: https://codecanyon.net/item/wordpress-live-chat-plugin/3952877 Version: 2.8.3 Tested on:...

0.1 AI score
Exploits 0
exploitpack
added 2018/06/11 12:00 a.m., 12 views

Event Manager Admin panel - events_new.php SQL injection

Event Manager Admin panel - events_new.php SQL injection Exploit Title: Event Manager PHP Script Admin panel - 'events_new.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...

0.3 AI score
Exploits 0
exploitpack
added 2004/12/15 12:00 a.m., 19 views

wget 1.9 - Directory Traversal

wget 1.9 - Directory Traversal #!/usr/bin/perl -W wgettrap.poc -- A POC for the wget(1) directory traversal vulnerability Copyright 2004 Jan Minář jjminar fastmail fm License: Public Domain When wget connects to us, we send it a HTTP redirect constructed so that wget will connect the second...

0.1 AI score
Exploits 0