Sergio Roman's repositories
CockpitCMS-Arbitrary-File-Upload--XSS---Assets
Cockpit CMS 2.7.0 is affected by a File Upload - XSS vulnerability that allows attackers to upload a PDF file with a hidden XSS that, when executed, launches the XSS pop-up.
CVE-2023-41436-CSZ-CMS-Stored-XSS---Pages-Content
CSZ CMS 1.3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Additional Meta Tag parameter in the Pages Content Menu.
CVE-2023-43341-Evolution-Reflected-XSS---Installation-Connection-
Evolution CMS 3.2.3 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the installation/connection process.
CVE-2023-43877-RiteCMS-Stored-XSS---Home
RiteCMS 3.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload to the Home settings page in the Administration Menu.
CVE-2023-43352-CMSmadesimple-SSTI--Content
SSTI vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to use native template syntax to inject a malicious payload into a template, which is then executed server-side
CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Extra in the Content - News Menu.
CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profile in the MicroTiny Menu.
CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again in the My Preferences - Add user
CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata in the Settings - Global Settings Menu.
CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title in the My Preferences - Manage Shortcuts
CVE-2023-43358-CMSmadesimple-Stored-XSS---News
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title in the Content - News Menu.
CVE-2023-43359-CMSmadesimple-Stored-XSS----Content-Manager
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to Page Specific Metadata and Smarty data in the Content Manager Menu.
CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory in the File Picker Menu.
CVE-2023-43878-RiteCMS-Stored-XSS---MainMenu
RiteCMS 3.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload to the Main Menu - Items in the Administration Menu.
CVE-2023-43879-RiteCMS-Stored-XSS---GlobalContent
RiteCMS 3.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload to the Global Content Blocks in the Administration Menu.
CVE-2023-44758_GDidees-CMS-Stored-XSS---Title
GDidees CMS 3.9.2 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title
CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes
Multiple Cross Site Scripting vulnerabilities in ConcreteCMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.
CVE-2023-44761_ConcreteCMS-Stored-XSS---Forms
Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the Form of the Data Objects.
CVE-2023-44762_ConcreteCMS-Reflected-XSS---Tags
Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags
CVE-2023-44763_ConcreteCMS-Arbitrary-file-upload-Thumbnail
ConcreteCMS v.9.2.1 is affected by an Arbitrary File Upload vulnerability that allows Stored Cross-Site Scripting (XSS).
CVE-2023-44764_ConcreteCMS-Stored-XSS---Site_Installation
Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the SITE from installation or Settings.
CVE-2023-44765_ConcreteCMS-Stored-XSS---Associations
Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the Plural Handle of the Data Objects from System & Settings
CVE-2023-44766_ConcreteCMS-Stored-XSS---SEO
Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Header Extra Content from Page Settings.
CVE-2023-44767_RiteCMS-File-Upload--XSS---Filemanager
RiteCMS 3.0 is affected by a File Upload - XSS vulnerability that allows attackers to upload a PDF file with a hidden XSS that, when executed, launches the XSS pop-up.
CVE-2023-44769_ZenarioCMS--Reflected-XSS---Alias
Zenariocms 9.4.59197 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Spare aliases from Alias.
CVE-2023-44770_ZenarioCMS--Reflected-XSS---Organizer-Alias
Zenariocms 9.4.59197 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Spare alias from organizer.
CVE-2023-44771_ZenarioCMS--Stored-XSS---Page-Layout
Zenariocms 9.4.59197 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Layout
Pluck-CMS-Stored-XSS---Installation
pluck CMS 4.7.18 is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload to the cont1 and cont2 parameters in the installation process - Website Name, so that both pop-ups appear on the main page.
TotalCMS-Arbitrary_File-Upload--XSS_Steal_Cookies---TotalDepot
TotalCMS is affected by an Arbitrary File Upload - XSS vulnerability which allows Stored Cross-Site Scripting (XSS) and also stealing session cookies.
TotalCMS-Stored-XSS---Post
TotalCMS is affected by a stored cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the Post settings.