CraftCMS Zero-day Chain: XSS to SSTI triggering RCE Public Disclosure of CVE-2021-27902 and CVE-2021-27903 July 29, 2021 ◦ 14 min ◦ Security #CraftCMS #XSS #SSTI #RCE #bug bounty #stored cross site scripting #server side template injection #remote code execution #CVE-2021-27902 #CVE-2021-27903
XSS in Unified Transform (A school management software) May 18, 2021 ◦ 1 min ◦ Security #cross site scripting #Unified Transform #Huntr #bug bounty #stored cross site scripting #school management software #account takeover
Stored Cross Site Scripting in October CMS April 3, 2021 ◦ 1 min ◦ Security #cross site scripting #October CMS #Huntr #bug bounty #stored cross site scripting