@Peithon
Peithon / CVE-2021-3355
Last active November 11, 2021 06:38
Cross-Site Scripting in LightCMS v1.3.4
Product: LightCMS
CVE: CVE-2021-3355
Version: v1.3.4
Vulnerability: Stored Cross-Site Scripting
Vulnerability Description: LightCMS v1.3.4 allows an attacker to execute HTML or JavaScript code via the "exclusive" parameter on the `/admin/SensitiveWords` page.
@Peithon
Peithon / CVE-2020-20698
Created November 11, 2021 06:24
Remote Code Execution (RCE) in S-CMS PHP v3.0
Product: S-CMS
CVE: CVE-2020-20698
Version: PHP enterprise edition v3.0
Vulnerability: Remote Code Execution
Vulnerability Description: A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to get a shell via modification of a PHP file.
@Peithon
Peithon / CVE-2020-20701
Created November 11, 2021 06:36
Cross-Site Scripting in S-CMS PHP v3.0
Product: S-CMS
CVE: CVE-2020-20701
Version: PHP enterprise edition v3.0
Vulnerability: Stored Cross-Site Scripting
Vulnerability Description: A stored cross-site scripting (XSS) vulnerability in /app/config/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
@Peithon
Peithon / CVE-2020-20700
Created November 11, 2021 06:33
Cross-Site Scripting in S-CMS PHP v3.0
Product: S-CMS
CVE: CVE-2020-20700
Version: PHP enterprise edition v3.0
Vulnerability: Stored Cross-Site Scripting
Vulnerability Description: A stored cross-site scripting (XSS) vulnerability in /app/form_add/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
@Peithon
Peithon / CVE-2020-20699
Created November 11, 2021 06:30
Cross-Site Scripting in S-CMS PHP v3.0
Product: S-CMS
CVE: CVE-2020-20699
Version: PHP enterprise edition v3.0
Vulnerability: Stored Cross-Site Scripting
Vulnerability Description: A cross-site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
import base64
import re
import xml.dom.minidom
import json
import uuid
import struct
import string
import random
import hashlib
import time