Explore all Exploits:

Pydio Cells 4.1.2 – Cross-Site Scripting (XSS) via File Download

When a file named 'xss.html' is downloaded in the Pydio Cells web application, a download URL is generated. The URL contains a parameter 'response-content-disposition' which is set to 'attachment', causing the browser to download the file instead of interpreting it. The URL also contains a signature, an expiry timestamp, and the user's JWT for authentication. It references the access key with the ID 'gateway', which can be found, together with its secret, in the JavaScript sources of Pydio Cells.

Faculty Evaluation System 1.0 – Unauthenticated File Upload

This exploit allows an attacker to upload files to the Faculty Evaluation System 1.0 without authentication, potentially leading to remote code execution. The vulnerability exists in the login.php page, which does not properly validate user input.

Online Security Guards Hiring System 1.0 – REFLECTED XSS

The Online Security Guards Hiring System version 1.0 is vulnerable to a reflected XSS attack. This allows an attacker to execute malicious scripts in the victim's browser, potentially leading to unauthorized access or data theft.

WBCE CMS 1.6.1 – Multiple Stored Cross-Site Scripting (XSS)

The WBCE CMS version 1.6.1 is vulnerable to multiple stored cross-site scripting (XSS) attacks. An attacker can upload a malicious SVG file containing a script that will be executed when viewed by an authenticated user with administrative privileges. This can lead to the execution of arbitrary code or the theft of sensitive information.
