CVE-2021-46071 Exploit Title: Vehicle Service Management System – ‘Category List’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46071CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-category-list-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46071https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46071 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in...

CVE-2021-46067 Exploit Title: Vehicle Service Management System – ‘Multiple’ Cookie Stealing Leads to Full Account TakeoverExploit Author: P.L.SanuCVE: CVE-2021-46067CVSS: 9.8 CRITICALReferences:https://www.plsanu.com/vehicle-service-management-system-multiple-cookie-stealing-leads-to-full-account-takeoverhttps://nvd.nist.gov/vuln/detail/CVE-2021-46067https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46067 Description:In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. 1. Vehicle...