>> CATEGORY: Security

Cemetry Mapping and Information System 1.0 – Multiple Stored Cross-Site Scripting

WordPress Plugin Custom Global Variables 1.0.5 – ‘name’ Stored Cross-Site Scripting (XSS)

OpenCart 3.0.36 – ATO via Cross Site Request Forgery

Life Insurance Management System 1.0 – Multiple Stored XSS

Online Doctor Appointment System 1.0 – Multiple Stored XSS

Cockpit Version 234 – Server-Side Request Forgery (Unauthenticated)

Apache Flink 1.11.0 – Unauthenticated Arbitrary File Read (Metasploit)

dnsrecon 0.10.0 – CSV Injection

WordPress Plugin Autoptimize 2.7.6 – Authenticated Arbitrary File Upload (Metasploit)

WordPress Plugin wpDiscuz 7.0.4 – Unauthenticated Arbitrary File Upload (Metasploit)