Research: #CMS, CRM and Forums

To all tags

CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

Public Disclosure of CVE-2021-27902 and CVE-2021-27903

Relative Path Traversal in Flarum using fake OAuth Provider

XSS in Unified Transform (A school management software)

Stored Cross Site Scripting in October CMS

Cross Site Scripting in digidocu

Internal IP Address leak in Misconfigured WordPress to bypass WAF