39001 matches found

0day.today
added 2023/04/06 12:0 a.m., 253 views

Music Gallery Site v1.0 - SQL Injection Vulnerability

Exploit Title: Music Gallery Site v1.0 - SQL Injection on musiclist.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site...

CVSS 9.8, AI score 9.2, EPSS 0.01785
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 300 views

Simple Food Ordering System v1.0 - Cross-Site Scripting Vulnerability

Exploit Title: Simple Food Ordering System v1.0 - Cross-Site Scripting XSS Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1.0 Tested on: Windows 1...

CVSS 5.4, AI score 6.4, EPSS 0.02693
Exploits: 9

0day.today
added 2023/04/06 12:0 a.m., 293 views

Employee Task Management System v1.0 - SQL Injection Vulnerability (2)

Exploit Title: Employee Task Management System v1.0 - SQL Injection on edit-task.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0902 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task...

CVSS 8.8, AI score 6.3, EPSS 0.02693
Exploits: 10

0day.today
added 2023/04/06 12:0 a.m., 203 views

atrocore 1.5.25 User interaction - Unauthenticated File upload Vulnerability

Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create Import Feed...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 306 views

Art Gallery Management System Project in PHP v 1.0 - SQL injection Vulnerability

Exploit Title: Art Gallery Management System Project in PHP v 1.0 - SQL injection Exploit Author: Yogesh Verma Vendor Homepage: https://y0gesh-verma.github.io/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/,...

CVSS 9.8, AI score 9.2, EPSS 0.03684
Exploits: 3

0day.today
added 2023/04/06 12:0 a.m., 344 views

FileZilla Client 3.63.1 - (TextShaping.dll) DLL Hijacking Vulnerability

--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 349 views

Unified Remote 3.13.0 - Remote Code Execution Exploit

Exploit Title: Unified Remote 3.13.0 - Remote Code Execution RCE Google Dork: NA Exploit Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download/windows Version: 3.13.0 Current Tested on: Windows CVE : NA Due to the use of...

AI score 7.1
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 277 views

Auto Dealer Management System v1.0 - SQL Injection Vulnerability (3)

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection on manageuser.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0915 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System Version: v 1.0 Tested on...

CVSS 8.8, AI score 8.8, EPSS 0.01728
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 258 views

Arris Router Firmware 9.1.103 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost = "http://192.168.0....

CVSS 8.8, AI score 8.9, EPSS 0.45313
Exploits: 6

0day.today
added 2023/04/06 12:0 a.m., 205 views

BulletProof FTP Server 2019.0.0.51 Denial Of Service Exploit

Exploit Title: BulletProof FTP Server 2019.0.0.51 - Denial of Service Discovery by: Yehia Elghaly - Mrvar0x Vendor Homepage: https://barcodemagic.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.51 Tested on: Windows 7 x86 Steps To Crash:...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 199 views

HospitalRun 1.0.0-beta - Local Root Exploit

Exploit Title: HospitalRun 1.0.0-beta - Local Root Exploit for macOS Written by Jean Pereira Date: 2023/03/04 Vendor Homepage: https://hospitalrun.io Software Link: https://github.com/HospitalRun/hospitalrun-frontend/releases/download/1.0.0-beta/HospitalRun.dmg Version: 1.0.0-beta Tested on: macO...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 247 views

Music Gallery Site v1.0 - Broken Access Control Vulnerability

Exploit Title: Music Gallery Site v1.0 - Broken Access Control Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0963 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested on: Windows 11 Broken...

CVSS 9.8, AI score 9.4, EPSS 0.0467
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 233 views

Employee Task Management System v1.0 - Broken Authentication Vulnerability

Exploit Title: Employee Task Management System v1.0 - Broken Authentication Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0905 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link:...

CVSS 7.5, AI score 7.5, EPSS 0.03189
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 247 views

EasyNas 1.1.0 - OS Command Injection Exploit

Exploit Title: EasyNas 1.1.0 - OS Command Injection Exploit Author: Ivan Spiridonov email protected Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import requests import sys import...

CVSS 8.8, AI score 8.7, EPSS 0.20862
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 213 views

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated Remote Code Execution Exploit

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested on: Unix CVE :...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 275 views

pdfkit v0.8.7.2 - Command Injection Exploit

!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...

CVSS 9.8, AI score 9.4, EPSS 0.38924
Exploits: 11

0day.today
added 2023/04/06 12:0 a.m., 239 views

LDAP Tool Box Self Service Password v1.5.2 - Account takeover Vulnerability

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users to change their...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 206 views

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal / Local File Inclusion Vulnerability

Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...

CVSS 5.3, AI score 5.6, EPSS 0.45241
Exploits: 3

0day.today
added 2023/04/06 12:0 a.m., 219 views

Kimai 1.30.10 - SameSite Cookie session hijacking Exploit

Exploit Title: Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking Author: nu11secur1ty Vendor: https://www.kimai.org/ Software: https://github.com/kimai/kimai/releases/tag/1.30.10 Reference: https://www.thesslstore.com/blog/the-ultimate-guide-to-session-hijacking-aka-cookie-hijacking...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 256 views

Microsoft Excel Spoofing Vulnerability

Title: Microsoft Excel Spoofing Vulnerability Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/ CVE-2023-23398 Description: The attack itself is carried out locally...

CVSS 7.1, AI score 7.3, EPSS 0.00617
Exploits: 2

0day.today
added 2023/04/06 12:0 a.m., 340 views

modoboa 2.0.4 - Admin Account Takeover Exploit

/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main import "fmt"...

CVSS 9.8, AI score 9.4, EPSS 0.15088
Exploits: 4

0day.today
added 2023/04/06 12:0 a.m., 268 views

Intern Record System v1.0 - SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link: https://download-media.code-projects.org/2020/03/InternRecordSystemInPHPWithSourceCode.zip...

CVSS 9.8, AI score 9.2, EPSS 0.05348
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 378 views

Dompdf 1.2.1 - Remote Code Execution Exploit

!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...

CVSS 9.8, AI score 9.2, EPSS 0.82438
Exploits: 8

0day.today
added 2023/04/06 12:0 a.m., 255 views

Employee Task Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Employee Task Management System v1.0 - SQL Injection on task-details.php?taskid=? Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task Management System Version:...

CVSS 8.8, AI score 8.8, EPSS 0.01684
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 236 views

craftercms 4.x.x - cross-origin resource sharing Vulnerability

Exploit Title: craftercms 4.x.x - CORS Author: nu11secur1ty Vendor: https://docs.craftercms.org/en/4.0/index.html Software: https://github.com/craftercms/craftercms/tags = 4.x.x Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5 cross-origin...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 235 views

Best pos Management System v1.0 - Remote Code Execution on File Upload Vulnerability

Exploit Title: Best pos Management System v1.0 - Remote Code Execution RCE on File Upload Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

CVSS 8.8, AI score 8.8, EPSS 0.02266
Exploits: 2

0day.today
added 2023/04/06 12:0 a.m., 319 views

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution Exploit

Titan FTP Server Path Traversal Vulnerability in move-file Function Version: 2.0.1.2102 CVE-2023-22629 CWE-24: Path Traversal TitanFTP Server is vulnerable to a path traversal attack in the move-file function. An attacker can exploit this vulnerability by providing a specially crafted newPath...

CVSS 8.8, AI score 8.7, EPSS 0.12322
Exploits: 4

0day.today
added 2023/04/06 12:0 a.m., 234 views

Auto Dealer Management System v1.0 - SQL Injection Vulnerability

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0912 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System Version: v 1.0 Tested...

CVSS 8.8, AI score 8.8, EPSS 0.01635
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 252 views

flatnux 2021-03.25 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: flatnux-2021-03.25 - Remote Code Execution Authenticated Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://en.altervista.org Software Link: http://flatnux.altervista.org/flatnux.html Version: 2021-03.25 Tested on: Windows/Linux POST...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/06 12:0 a.m., 266 views

Music Gallery Site v1.0 - SQL Injection Vulnerability (3)

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page Master.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0962 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested on: Windows 11 SQL...

CVSS 8.8, AI score 8.8, EPSS 0.01741
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 278 views

Simple Task Managing System v1.0 - SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Simple Task Managing System v1.0 - SQL Injection Unauthenticated Exploit Author: Hamdi Sevben Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html Software Link:...

CVSS 9.8, AI score 9.2, EPSS 0.20693
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 274 views

POLR URL 2.3.0 - Shortener Admin Account Takeover Exploit

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword': 'password',...

CVSS 9.3, AI score 9.3, EPSS 0.07164
Exploits: 3

0day.today
added 2023/04/06 12:0 a.m., 250 views

Auto Dealer Management System v1.0 - SQL Injection Vulnerability (2)

Exploit Title: Auto Dealer Management System v1.0 - SQL Injection in sellvehicle.php Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0913 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System...

CVSS 8.8, AI score 8.8, EPSS 0.01635
Exploits: 5

0day.today
added 2023/04/06 12:0 a.m., 235 views

Auto Dealer Management System 1.0 - Broken Access Control Exploit

Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...

CVSS 8.8, AI score 8.8, EPSS 0.03074
Exploits: 4

0day.today
added 2023/04/05 12:0 a.m., 237 views

Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation Exploit

//Discovered by:: TOUHAMI KASBAOUI - VXREMALWARE //Reported to Citrix: 25/03/2023 //Tested Version: 22.2.1.103, 23.1.1.11/Last version //Exploit: https://github.com/sqrtZeroKnowledge/CitrixSecureAccessLPE0DAY define UNICODE define UNICODE include include include include include using namespace st...

AI score 7.4
Exploits: 0

0day.today
added 2023/04/05 12:0 a.m., 296 views

GNU screen v4.9.0 - Privilege Escalation Exploit

Exploit Title: GNU screen v4.9.0 - Privilege Escalation Date: 03.02.2023 Exploit Author: Manuel Andreas Vendor Homepage: https://www.gnu.org/software/screen/ Software Link: https://ftp.gnu.org/gnu/screen/screen-4.9.0.tar.gz Version: 4.9.0 Tested on: Arch Linux CVE : CVE-2023-24626 import os impor...

CVSS 6.5, AI score 6.7, EPSS 0.0054
Exploits: 3

0day.today
added 2023/04/05 12:0 a.m., 270 views

XWorm Trojan 2.1 - Null Pointer Derefernce DoS Vulnerability

Exploit Author: XWorm Trojan 2.1 - Null Pointer Derefernce DoS Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ Software Link: N/A Version: 2.1 Tested on: Windows 10 CVE : N/A...

AI score 7.4
Exploits: 0

0day.today
added 2023/04/05 12:0 a.m., 302 views

Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution Exploit

// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...

CVSS 9.8, AI score 9.2, EPSS 0.99989
Exploits: 12

0day.today
added 2023/04/05 12:0 a.m., 251 views

Kardex Mlog MCC 5.7.12 - Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...

CVSS 9.8, AI score 9.2, EPSS 0.14832
Exploits: 8

0day.today
added 2023/04/05 12:0 a.m., 226 views

SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow

Exploit Title: SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 1.1.2 Summary: The SOUND4 Link&Share L&S is a simple and open protocol that...

AI score 7.1
Exploits: 0

0day.today
added 2023/04/05 12:0 a.m., 306 views

Froxlor 2.0.3 Stable - Remote Code Execution Exploit

!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...

CVSS 8.8, AI score 8.6, EPSS 0.97653
Exploits: 8

0day.today
added 2023/04/05 12:0 a.m., 249 views

ImageMagick 7.1.0-49 - Denial Of Service Vulnerability

Exploit Title: ImageMagick 7.1.0-49 - DoS Author: nu11secur1ty Vendor: https://imagemagick.org/ Software: https://imagemagick.en.uptodown.com/windows/download/82953605 Reference: https://portswigger.net/daily-swig/denial-of-service CVE-ID: CVE-2022-44267 Description: ImageMagick 7.1.0-49 is...

CVSS 6.5, AI score 6.8, EPSS 0.76581
Exploits: 4

0day.today
added 2023/04/05 12:0 a.m., 236 views

Liferay Portal 6.2.5 - Insecure Permissions Exploit

Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ Exploit Author: fu2x2000 Version: Liferay Portal 6.2.5 or later CVE : CVE-2021-33990 import requests import json print " Search this on Google Dork for liferay...

CVSS 9.8, AI score 9.2, EPSS 0.11915
Exploits: 4

0day.today
added 2023/04/05 12:0 a.m., 246 views

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw. Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Vendor: https://www.hitachivantara.com/ Software...

CVSS 9.8, AI score 9.2, EPSS 0.9767
Exploits: 7

0day.today
added 2023/04/05 12:0 a.m., 338 views

Provide Server v.14.4 XSS - CSRF & Remote Code Execution Vulnerabilities

Provide Server v. 14.4 CVE-2023-23286 Vulnerabilities: CWE-79: Improper Neutralization of Input During Web Page Generation Unauthenticated stored XSS in server-log delivered via username field from login-form CWE-352: Cross-Site Request Forgery CSRF-token exposed in javascript, making it possible...

CVSS 6.1, AI score 6.4, EPSS 0.02628
Exploits: 4

0day.today
added 2023/04/05 12:0 a.m., 183 views

Answerdev 1.0.3 - Account Takeover Exploit

Exploit Title: Answerdev 1.0.3 - Account Takeover Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744 from sys import argv import...

CVSS 9.8, AI score 9.6, EPSS 0.06368
Exploits: 4

0day.today
added 2023/04/05 12:0 a.m., 218 views

bgERP v22.31 (Orlovets) - Cookie Session vulnerability / Cross-Site Scripting Vulnerabilities

Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/05 12:0 a.m., 236 views

Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Online Eyewear Shop 1.0 - SQL Injection Unauthenticated Exploit Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html Software Link:...

AI score 6.8
Exploits: 0

0day.today
added 2023/04/05 12:0 a.m., 179 views

Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to XSS Vulnerability

Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...

CVSS 4.3, AI score 5.3, EPSS 0.02179
Exploits: 5

0day.today
added 2023/04/05 12:0 a.m., 282 views

CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability

Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain...

CVSS 6.1, AI score 6.9, EPSS 0.02097
Exploits: 4

Total number of security vulnerabilities: 39001