CMSuno 1.7 - (tgo) Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno version 1.7 and prior ...

CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Date: 03-08-2021 Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno versi...

CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)

Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery Change Admin Password Date: 2020-05-31 Exploit Author: Noth Vendor Homepage: https://github.com/boiteasite/cmsuno Software Link: https://github.com/boiteasite/cmsuno Version: v1.6 CVE : 2020-15600 An issue was discovered in CMSUno before 1.6....

CVE-2020-15600

CVE-2020-15600 affects CMSUno versions prior to 1.6.1. The vulnerability is a cross-site request forgery in uno.php that allows an attacker to change the admin password. Several connected sources corroborate the issue and point to exposure in CMSUno before 1.6.1, with PoC examples and references ...