Kitsun3Sec/exploits

Kitsun3Sec/exploits

Releases0

Stars10

Public Exploits

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-3486 ↗	May 26, 2021Wednesday, 26 May 2021, 22:15	6.1 MEDIUM	4.3 MEDIUM
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
CVE-2021-30144 ↗	Apr 6, 2021Tuesday, 6 April 2021, 05:15	4.3 MEDIUM	4 MEDIUM
The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.
CVE-2019-13977 ↗	Jul 19, 2019Friday, 19 July 2019, 07:15	—	3.5 LOW
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
CVE-2019-13978 ↗	Jul 19, 2019Friday, 19 July 2019, 07:15	—	6.5 MEDIUM
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.