Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
•added 2021/03/29 12:0 a.m.•533 views

WordPress WP Super Cache 1.7.1 Remote Code Execution

Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution Authenticated Google Dork: inurl:/wp-content/plugins/wp-super-cache/ Date: 2021-03-13 Exploit Author: m0ze Version: Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this...

Exploits0
Packet Storm
Packet Storm
•added 2020/07/12 12:0 a.m.•533 views

Liferay Portal Remote Code Execution

Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Date: 2020-01-24 Vendor: Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961 https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-7961 CVE:...

7.5CVSS0.1AI score0.99783EPSS
Exploits10
Packet Storm
Packet Storm
•added 2019/09/02 12:0 a.m.•533 views

Microsoft Outlook Web Access Build 15.1.1591 Header Injection

!/usr/bin/perl -w Microsoft Outlook Web Access build:15.1.1591 Remote Header 'Host' Injection Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2024/10/18 12:0 a.m.•532 views

Magento / Adobe Commerce Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CosmicSting: Magento Arbitrary File Read CVE-2024-34102 + PHP Buffer Overflow in the iconv function of glibc CVE-2024-2961', 'Description' = %q...

9.8CVSS7.6AI score0.99994EPSS
Exploits38
Packet Storm
Packet Storm
•added 2024/08/31 12:0 a.m.•532 views

BIND TSIG Badtime Query Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TSIG Badtime Query Denial of Service', 'Description' = %q A logic error in code which checks TSIG validity can be used to trigger an asserti...

7.5CVSS7.2AI score0.93422EPSS
Exploits5
Packet Storm
Packet Storm
•added 2021/09/28 12:0 a.m.•532 views

WordPress Popup 1.10.4 Cross Site Scripting

Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/popup-by-supsystic/ Version: 1.10.4 Tested on: Windows 10 CVE: CVE-2021-24275 1. Description: The plugin did not sanitize the tab parameter o...

6.1CVSS0.18165EPSS
Exploits5
Packet Storm
Packet Storm
•added 2021/09/20 12:0 a.m.•532 views

WordPress 5.7 Media Library XML Injection

Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Date: 16/09/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447...

7.1CVSS0.7AI score0.85719EPSS
Exploits20
Packet Storm
Packet Storm
•added 2022/08/18 12:0 a.m.•531 views

Advantech iView NetworkServlet Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Advantech iView NetworkServlet Command Injection', 'Description' = %q Versions of Advantech iView software below 5.7.04.6469 are vulnerable to an...

9.8CVSS0.4AI score0.59184EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/03/26 12:0 a.m.•531 views

TP-Link Cross Site Scripting

============================================================== Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices ============================================================== Overview ======== Title:- Unauthenticated Stored Cross-site Scripting in TP-Link Devices. CVE-ID :-...

0.01788EPSS
Exploits3
Packet Storm
Packet Storm
•added 2023/10/27 12:0 a.m.•530 views

phpFox 4.8.13 PHP Object Injection

-------------------------------------------------------------- phpFox = 4.8.13 redirect PHP Object Injection Vulnerability -------------------------------------------------------------- - Software Link: https://www.phpfox.com - Affected Versions: Version 4.8.13 and prior versions. - Vulnerability...

7.1AI score0.01806EPSS
Exploits3
Packet Storm
Packet Storm
•added 2023/08/11 12:0 a.m.•530 views

TP-Link Archer AX21 Command Injection

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8CVSS7.1AI score0.99999EPSS
Exploits7
Packet Storm
Packet Storm
•added 2022/12/07 12:0 a.m.•530 views

py7zr 0.20.0 Directory Traversal

CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allow attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...

0.3AI score0.02242EPSS
Exploits3
Packet Storm
Packet Storm
•added 2022/01/20 12:0 a.m.•530 views

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...

10CVSS1AI score0.99999EPSS
Exploits351
Packet Storm
Packet Storm
•added 2021/07/19 12:0 a.m.•530 views

WordPress LearnPress SQL Injection

Exploit Title: WordPress Plugin LearnPress /wp-admin 2. Login with a cred 3. Execute the payload POST /wordpress/wp-admin/post-new.php?posttype=lporder HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0 Gecko/20100101 Firefox/89.0 Accept: application/json,...

6.5CVSS0.2AI score0.49231EPSS
Exploits6
Packet Storm
Packet Storm
•added 2021/06/04 12:0 a.m.•530 views

Cisco HyperFlex HX Data Platform Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in Cisco...

10CVSS0.4AI score0.99999EPSS
Exploits6
Packet Storm
Packet Storm
•added 2023/04/14 12:0 a.m.•529 views

Microsoft Word Remote Code Execution

Title: Microsoft Word Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

7.8CVSS7.8AI score0.02719EPSS
Exploits3
Packet Storm
Packet Storm
•added 2022/12/19 12:0 a.m.•529 views

Senayan Library Management System 9.2.0 Cross Site Scripting

Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.19.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2022/09/05 12:0 a.m.•529 views

Apple macOS Remote Events Memory Corruption

!/usr/bin/env python -- coding: UTF-8 -- naval.py Apple macOS Remote Events Remote Memory Corruption Vulnerability Jeremy Brown jbrown3264/gmail ===== Intro ===== eppc Hello from AEServer Remote Apple Events is a core service and remote system administration and automation tool for Macs. It can b...

0.2AI score0.01402EPSS
Exploits2
Packet Storm
Packet Storm
•added 2021/11/16 12:0 a.m.•529 views

Online Learning System 2.0 Remote Code Execution

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...

9.2AI score0.09985EPSS
Exploits4
Packet Storm
Packet Storm
•added 2024/09/01 12:0 a.m.•528 views

SMTP User Enumeration Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...

7.1AI score
Exploits2
Packet Storm
Packet Storm
•added 2024/08/31 12:0 a.m.•528 views

SNMP Community Login Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snmp' class MetasploitModule 'SNMP Community Login Scanner',...

6.9AI score0.27166EPSS
Exploits3
Packet Storm
Packet Storm
•added 2022/04/21 12:0 a.m.•528 views

ManageEngine ADSelfService Plus Custom Script Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Custom Script Execution', 'Description' = %q This module exploits the "custom script" feature of ADSelfService...

0.5AI score0.70419EPSS
Exploits4
Packet Storm
Packet Storm
•added 2021/04/13 12:0 a.m.•528 views

Simple Student Information System 1.0 SQL Injection

Exploit Title: Simple Student Information System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2019/11/05 12:0 a.m.•528 views

html5_snmp 1.11 SQL Injection

Exploit Title: html5snmp 1.11 - 'RouterID' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for error, time, boolean and Union based...

Exploits0
Packet Storm
Packet Storm
•added 2017/04/26 12:0 a.m.•528 views

LightDM (Ubuntu 16.04/16.10) Privilege Escalation

Source: https://blogs.securiteam.com/index.php/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone...

6.9CVSS0.5AI score0.02669EPSS
Exploits5
Packet Storm
Packet Storm
•added 2020/12/03 12:0 a.m.•527 views

Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony'...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/12/03 12:0 a.m.•527 views

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony...

0.6AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/11/05 12:0 a.m.•526 views

Backdoor.Win32.Jokerdoor Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6ec85a641656f63f4de853468509d3e3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The malware listen...

7.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/02/09 12:0 a.m.•526 views

Discord Probot Arbitrary File Upload

Exploit Title: Discord Probot - Unrestricted File Upload Google Dork: N/A Date: 2021-02-08 Exploit Author: ThelastVvV Vendor Homepage:probot.io Version:Version 2021 Tested on: Debian 5.7.10-1parrot2 CVE:CVE-2021-26918 About: Probot is a discord very customizable multipurpose bot for welcome image...

0.1AI score0.02585EPSS
Exploits2
Packet Storm
Packet Storm
•added 2020/07/29 12:0 a.m.•526 views

Cisco Adaptive Security Appliance Software 9.7 Arbitrary File Deletion

Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.htmlmodels Version: Cisco...

7.5CVSS0.9AI score0.99992EPSS
Exploits26
Packet Storm
Packet Storm
•added 2019/12/12 12:0 a.m.•526 views

OpenNetAdmin 18.1.1 Command Injection

class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit module , 'References' = 'EDB', '47691' , 'DisclosureDate' =...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2019/06/21 12:0 a.m.•526 views

EA Origin Remote Code Execution

Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...

9.3CVSS0.2AI score0.71776EPSS
Exploits14
Packet Storm
Packet Storm
•added 2021/11/01 12:0 a.m.•525 views

My Movie Collection Sinatra App Login Cross Site Scripting

Document Title: =============== My Movie Collection Sinatra App - Login XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2293 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ==================================...

0.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/07/23 12:0 a.m.•525 views

Microsoft SharePoint Server 2019 Remote Code Execution

Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution 2 Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...

6.8CVSS8AI score0.94243EPSS
Exploits10
Packet Storm
Packet Storm
•added 2021/04/15 12:0 a.m.•525 views

Horde Groupware Webmail 5.2.22 Cross Site Scripting

Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS Author: Alex Birnberg Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty Date: 04.14.2021 Vendor: https://www.horde.org/apps/webmail Link: https://github.com/horde/webmail/releases CVE: CVE-2021-26929 + Exploit Source:...

4.3CVSS6.2AI score0.04944EPSS
Exploits7
Packet Storm
Packet Storm
•added 2020/12/10 12:0 a.m.•525 views

Library Management System 2.0 SQL Injection

Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection Date: 2020-12-09 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/11/13 12:0 a.m.•525 views

HorizontCMS 1.0.0-beta Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HorizontCMS Arbitrary PHP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta ...

6.5CVSS0.2AI score0.18461EPSS
Exploits4
Packet Storm
Packet Storm
•added 2024/11/14 12:0 a.m.•524 views

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Siemens Energy Omnivise T3000 vulnerable version: =8.2 SP3 fixed version: see solution section CVE number: CVE-2024-38876, CVE-2024-3887...

9.8CVSS7.4AI score0.11452EPSS
Exploits3
Packet Storm
Packet Storm
•added 2023/08/16 12:0 a.m.•524 views

AudioCodes VoIP Phones Hardcoded Key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...

7.1AI score0.01131EPSS
Exploits2
Packet Storm
Packet Storm
•added 2021/04/06 12:0 a.m.•524 views

OpenBSD OpenSMTPD 6.6 Remote Code Execution

Exploit Title: OpenBSD OpenSMTPD Remote Code Execution Vulnerability Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 6.6 Description: smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute...

10CVSS0.2AI score0.98946EPSS
Exploits27
Packet Storm
Packet Storm
•added 2021/03/26 12:0 a.m.•524 views

Backdoor.Win32.Kwak.12 Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Kwak.12 Vulnerability: Remote Denial of Service Description: The backdoor runs an FT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/12/01 12:0 a.m.•524 views

eClass LMS 2.6 Shell Upload

...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2020/10/19 12:0 a.m.•524 views

TinyMCE 5 HTML Injection

Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG Date:18.10.2020 Author: Vincent666 ibn Winnie Software Link: https://www.tiny.cloud/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2025/06/23 12:0 a.m.•523 views

📄 Mobile Mouse 3.6.0.4 WebSocket Remote Code Execution

Mobile Mouse version 3.6.0.4 contains a remote code execution vulnerability through its WebSocket interface. Exploit Title: Mobile Mouse 3.6.0.4 WebSocket Remote code execution Date: 06/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link:...

8.2AI score
Exploits0
Packet Storm
Packet Storm
•added 2024/11/07 12:0 a.m.•523 views

TestRail CLI FieldsParser eval Injection

This is not a very exciting vulnerability, but I had already publicly disclosed it on GitHub at the request of the vendor. Since that report has disappeared, the link I had provided to MITRE was invalid, so here it is again. -Devin --- Unsafe eval in TestRail CLI FieldsParser Date Reported:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2023/05/31 12:0 a.m.•523 views

Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion

Qualcomm Adreno/KGSL: unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr Tested on a Pixel 4 flame, on the latest update from 2023-02, which self-reports as SPL 2022-10-05, since I don't yet have any newer device with KGSL here - but as far as I can tell from the sources, it shou...

8.4CVSS7.1AI score0.0018EPSS
Exploits2
Packet Storm
Packet Storm
•added 2022/06/01 12:0 a.m.•523 views

libxml2 xmlBufAdd Heap Buffer Overflow

libxml2: heap-buffer-overflow in xmlBufAdd libxml2 is vulnerable to a heap-buffer-overflow when xmlBufAdd is called on a very large buffer: int xmlBufAddxmlBufPtr buf, const xmlChar str, int len unsigned int needSize; .. needSize = buf-use + len + 2; A if needSize buf-size .. if !xmlBufResizebuf,...

6.5CVSS0.9AI score0.0363EPSS
Exploits5
Packet Storm
Packet Storm
•added 2021/11/27 12:0 a.m.•523 views

Backdoor.Win32.Coredoor.10.a Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4d10cd3fa86239ade05d2b741892b1e5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Port Bounce Scan Description: The malware listens on TC...

7.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/05/24 12:0 a.m.•523 views

Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal

Exploit Title: Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...

7.4AI score
Exploits0
Packet Storm
Packet Storm
•added 2021/04/28 12:0 a.m.•523 views

Kirby CMS 3.5.3.1 Cross Site Scripting

Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...

5.8AI score0.03174EPSS
Exploits4
Total number of security vulnerabilities5000