CVE-2025-60298

CVE-2025-60298 affects Novel-Plus up to version 5.2.4, with a Stored XSS via the /author/updateIndexName endpoint. The indexName parameter is stored in the database and executed when other users view the affected book chapter, enabling authenticated attackers to inject JavaScript. CVSSv3.1 base s...

Perfex CRM 跨站脚本漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

October CMS 1.0.431 - Cross-Site Scripting

October CMS 1.0.431 - Cross-Site Scripting ​​ Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till dat...

October CMS < 1.0.431 - Cross-Site Scripting

​​ Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Categor...

October CMS Cross Site Scripting

Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Category:...