eval.blog

Research: #CMS, CRM and Forums

To all tags

CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

Public Disclosure of CVE-2021-27902 and CVE-2021-27903
July 29, 2021 ◦ 14 min ◦

Relative Path Traversal in Flarum using fake OAuth Provider

June 11, 2021 ◦ 1 min ◦

XSS in Unified Transform (A school management software)

May 18, 2021 ◦ 1 min ◦

Stored Cross Site Scripting in October CMS

April 3, 2021 ◦ 1 min ◦

Cross Site Scripting in digidocu

March 30, 2021 ◦ 1 min ◦

Internal IP Address leak in Misconfigured WordPress to bypass WAF

December 27, 2020 ◦ 3 min ◦