Pinned Repositories
CVE-2022-28598
Persistent XSS on 'last_known_version' field (My Settings)
CVE-2024-41301-Bookea-tu-Mesa-is-vulnerable-to-Stored-Cross-Site-Scripting
CVE-2024-41302-Bookea-tu-Mesa-is-vulnerable-to-SQL-Injection
Bookea-tu-Mesa is vulnerable to SQL Injection
django.nv
oVirt-4.3-Reflected-Cross-Site-Scripting
The oVirt-engine Open Virtualization Manager version 4.3 login page is vulnerable to reflected cross-site scripting (XSS). The "scope" parameter is not sanitized, allowing a malicious script to execute as part of the GET request.
pwndoc-ng
Pentest Report Generator
TextPattern-CMS-4.9.0-dev-Authenticated-Remote-Command-Execution-RCE-Through-File-Upload
Textpattern version 4.9.0 is vulnerable to Remote Code Execution (RCE) because the file upload functionality allows unrestricted PHP file uploads.
TextPattern-CMS-4.9.0-dev-SVG-Stored-Cross-Site-Scripting-Authenticated
TextPattern CMS version 4.9.0 is vulnerable to stored cross-site scripting (XSS) during file uploads involving SVG files. The attack is executed by uploading a specially crafted SVG file containing malicious scripts, which are then rendered by the browser.
Textpattern-version-4.9.0-Authenticated-Stored-Cross-Site-Scripting
Textpattern version 4.9.0 is vulnerable to a stored cross-site scripting (XSS) attack in the "write Body" parameter. This vulnerability allows attackers to inject and execute malicious scripts in the browsers of unsuspecting users.
tool-cheat-sheets
patrickdeanramos's Repositories
patrickdeanramos/CVE-2022-28598
Persistent XSS on 'last_known_version' field (My Settings)
patrickdeanramos/CVE-2024-41301-Bookea-tu-Mesa-is-vulnerable-to-Stored-Cross-Site-Scripting
patrickdeanramos/CVE-2024-41302-Bookea-tu-Mesa-is-vulnerable-to-SQL-Injection
Bookea-tu-Mesa is vulnerable to SQL Injection
patrickdeanramos/django.nv
patrickdeanramos/oVirt-4.3-Reflected-Cross-Site-Scripting
The oVirt-engine Open Virtualization Manager version 4.3 login page is vulnerable to reflected cross-site scripting (XSS). The "scope" parameter is not sanitized, allowing a malicious script to execute as part of the GET request.
patrickdeanramos/pwndoc-ng
Pentest Report Generator
patrickdeanramos/TextPattern-CMS-4.9.0-dev-Authenticated-Remote-Command-Execution-RCE-Through-File-Upload
Textpattern version 4.9.0 is vulnerable to Remote Code Execution (RCE) because the file upload functionality allows unrestricted PHP file uploads.
patrickdeanramos/TextPattern-CMS-4.9.0-dev-SVG-Stored-Cross-Site-Scripting-Authenticated
TextPattern CMS version 4.9.0 is vulnerable to stored cross-site scripting (XSS) during file uploads involving SVG files. The attack is executed by uploading a specially crafted SVG file containing malicious scripts, which are then rendered by the browser.
patrickdeanramos/Textpattern-version-4.9.0-Authenticated-Stored-Cross-Site-Scripting
Textpattern version 4.9.0 is vulnerable to a stored cross-site scripting (XSS) attack in the "write Body" parameter. This vulnerability allows attackers to inject and execute malicious scripts in the browsers of unsuspecting users.
patrickdeanramos/tool-cheat-sheets
patrickdeanramos/WonderCMS-version-3.4.3-is-vulnerable-to-Server-Side-Request-Forgery
WonderCMS version 3.4.3 is vulnerable to Server-Side Request Forgery (SSRF), allowing an attacker to make requests to unauthorized internal resources through the pluginThemeUrl parameter on the Plugins Page.
patrickdeanramos/WonderCMS-version-3.4.3-SVG-Stored-Cross-Site-Scripting
WonderCMS version 3.4.3 is vulnerable to stored cross-site scripting (XSS) during file uploads involving SVG files.