Skip to content

Instantly share code, notes, and snippets.

View CVE-2019-17526
# Exploit Title: SageCell Python Web Injection Vulnerability
# Google Dork:
# Date: 10/13/19
# Exploit Author: Christopher J. Barretto @ Advoqt
# Vendor Homepage: www.advoqt.com
# Software Link: https://sagecell.sagemath.org/
# Version: SageCell - ALL VERSIONS
# Tested on: Unix
# CVE : CVE-2019-17526 (issued in progress)
@barrett092
barrett092 / gist:c70752ca6960b8b9616a03006f291a28
Last active Jun 1, 2018
EMS Master Calendar Reflected XSS Vulnerability (<8.0.0.20180520)
View gist:c70752ca6960b8b9616a03006f291a28
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters are not properly sanitized, allowing malicious attackers to send a crafted URL and execute code in the context of the user's browser.
------------------------------------------
Additional Information:
CVE-Reference: CVE-2018-11628
Product: EMS Master Calendar
Vendor: EMS Software
Vulnerable Version: Before 8.0.0.20180521