Skip to main content

Dev Blog

2 CVEs product

Monthly

CVE-2023-6144 MEDIUM POC This Month

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Dev Blog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-6142 MEDIUM POC This Month

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dev Blog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Dev Blog
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dev Blog
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy