Feras Al-Kassar enferas

  • Jean Monnet University
  • Saint-Etienne, France
enferas / CVE-2018-12255.md
Created January 27, 2023 15:37
old reported CVE-2018-12255
enferas / CVE-2019-7223.md
Created January 27, 2023 15:26
Old reported CVE-2019-7223
enferas / CVE-2018-16772.md
Created January 27, 2023 14:52
old reported CVE-2018-16772
enferas / CVE-2022-28586.md
Created January 27, 2023 14:34
Old reported CVE-2022-28586
enferas / CVE-2020-26043.md
Created January 27, 2023 13:45
Old reported CVE-2020-26043
enferas / CVE-2023-23026.md
Created January 24, 2023 11:19
CVE-2023-23026
enferas / CVE-2023-23011.md
Created January 24, 2023 11:14
CVE-2023-23011

CVE-2023-23011 is assigned to a Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via the filter_product input to the file modal_product_lookups.php

Link: https://github.com/InvoicePlane/InvoicePlane

Multiple XSS vulnerabilities.

Vulnerability 1: In file InvoicePlane-development\application\modules\products\controllers\Ajax.php

enferas / CVE-2022-0372.md
Created January 11, 2023 17:14
old CVE-2022-0372

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0372

In file app\Http\Controllers\V1\Admin\Settings\CompanyController.php

public function uploadAvatar(Request $request)
{
    //...
    // The avatar payload is JSON taken directly from the request body;
    // both the base64 file contents ($data->data) and the stored file name
    // ($data->name) come from the client without validation here.
    $data = json_decode($request->avatar);
    $user->addMediaFromBase64($data->data)
        ->usingFileName($data->name)
        ->toMediaCollection('admin_avatar');
}
enferas / CVE-2018-19917.md
Last active January 9, 2023 10:19
old CVE CVE-2018-19917