CVE - SANU P.L

CVE

By SANU P.L January 31, 2024 No Comments

LetterPress <= 1.2.1 – Open Redirection Via Html Injection Vulnerability

Exploit Title: LetterPress <= 1.2.1 – Open Redirection Via Html Injection Vulnerability Exploit Author: P.L.Sanu CVE: CVSS: References: https://github.com/plsanu/LetterPress-1.2.1-Open-Redirection-Via-Html-Injection-Vulnerability Description: In LetterPress plugin <= 1.2.1 is vulnerable to Html Injection Vulnerability which can futher leads to Open Redirection Vulnerabilty. Exploit:...

CVE

By SANU P.L January 31, 2024 No Comments

LetterPress <= 1.2.1 – Cookie Stealing Vulnerability

Exploit Title: LetterPress <= 1.2.1 – Cookie Stealing VulnerabilityExploit Author: P.L.SanuCVE: CVSS: References: https://github.com/plsanu/LetterPress-1.2.1-Cookie-Stealing-Vulnerability Description:In LetterPress plugin <= 1.2.1 is vulnerable to Cookie Stealing Vulnerability. An attacker can able to steal the cookies by injecting the JavaScript code. Exploit:1. In...

CVE

By SANU P.L December 29, 2021 No Comments

Vehicle Service Management System – ‘Multiple’ Cross-Site Request Forgery (CSRF) Leads to Stored Cross Site Scripting (XSS)

CVE-2021-46080 Exploit Title: Vehicle Service Management System – ‘Multiple’ Cross-Site Request Forgery (CSRF) Leads to Stored Cross Site Scripting (XSS) Exploit Author: P.L.Sanu CVE: CVE-2021-46080 CVSS: 4.8 MEDIUM References: Vehicle Service Management System – ‘Multiple’ Cross-Site Request Forgery (CSRF) Leads...

By SANU P.L December 29, 2021 No Comments

Vehicle Service Management System – ‘Multiple’ File upload Leads to Html Injection

CVE-2021-46079 Exploit Title: Vehicle Service Management System – ‘Multiple’ File upload Leads to Html InjectionExploit Author: P.L.SanuCVE: CVE-2021-46079CVSS: 7.2 HIGHReferences:https://www.plsanu.com/vehicle-service-management-system-multiple-file-upload-leads-to-html-injectionhttps://nvd.nist.gov/vuln/detail/CVE-2021-46079https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46079 Description:An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files...

Category: CVE

LetterPress <= 1.2.1 – Open Redirection Via Html Injection Vulnerability

LetterPress <= 1.2.1 – Cookie Stealing Vulnerability

Vehicle Service Management System – ‘Multiple’ Cross-Site Request Forgery (CSRF) Leads to Stored Cross Site Scripting (XSS)

Vehicle Service Management System – ‘Multiple’ File upload Leads to Html Injection