Skip to content

Instantly share code, notes, and snippets.

View CVE-2019-17526
# Exploit Title: SageCell Python Web Injection Vulnerability
# Google Dork:
# Date: 10/13/19
# Exploit Author: Christopher J. Barretto @ Advoqt
# Vendor Homepage:
# Software Link:
# Version: SageCell - ALL VERSIONS
# Tested on: Unix
# CVE : CVE-2019-17526 (issued in progress)
barrett092 / gist:c70752ca6960b8b9616a03006f291a28
Last active Jun 1, 2018
EMS Master Calendar Reflected XSS Vulnerability (<
View gist:c70752ca6960b8b9616a03006f291a28
Data input into EMS Master Calendar before via URL parameters are not properly sanitized, allowing malicious attackers to send a crafted URL and execute code in the context of the user's browser.
Additional Information:
CVE-Reference: CVE-2018-11628
Product: EMS Master Calendar
Vendor: EMS Software
Vulnerable Version: Before