February 14th, 2024 | 🕒
iSpeech.org SEC Consult Vulnerability Lab Security Advisory < 20240212-0 >=======================================================================title: Multiple Stored Cross-Site Scripting vulnerabilitiesproduct: Statamic CMSvulnerable version: <4.46.0, <3.4.17fixed
February 14th, 2024 | 🕒
TTS ## Title: XoopsCore25-2.5.11-XSS-Reflected## Author: nu11secur1ty## Date: 02/12/2024## Vendor: https://xoops.org/## Software: https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.11## Reference: https://portswigger.net/kb/issues/00200300_cross-site-scripting-reflected ## Description:The value of the yname
February 9th, 2024 | 🕒
https://www.ispeech.org # Exploit Title: Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-SiteScripting (XSS) (Authenticated)# Date: 11.10.2023# Exploit Author: Furkan
February 6th, 2024 | 🕒
iSpeech # Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307] (Authenticated)# Date: 8th October 2023# Exploit Author: Mücahit Çeri# Vendor Homepage:
February 6th, 2024 | 🕒
iSpeech # Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting (XSS)# Date: April 18, 2023# Exploit Author: Andreas Finstad (4ndr34z)#
February 6th, 2024 | 🕒
https://www.ispeech.org # Exploit Title: GYM MS - GYM Management System - Cross Site Scripting (Stored)# Date: 29/09/2023# Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/#
February 6th, 2024 | 🕒
https://www.ispeech.org/text.to.speech # Exploit Title: simple urls < 115 XSS# Google Dork:# Exploit Author: AmirZargham# Vendor Homepage: https://getlasso.co/# Software Link: https://wordpress.org/plugins/simple-urls/#
January 30th, 2024 | 🕒
iSpeech.org ## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking## Author: nu11secur1ty## Date: 01/26/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/callback-widget/## Reference: https://portswigger.net/web-security/cross-site-scripting ## Description:The Callback Requests function is
January 30th, 2024 | 🕒
Text to Speech Voices ## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking## Author: nu11secur1ty## Date: 01/26/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/callback-widget/## Reference: https://portswigger.net/web-security/cross-site-scripting ## Description:The Callback
January 30th, 2024 | 🕒
iSpeech ## Title: Interactive-Floor-Plan-1.0-XSS-Reflected-SESSION-Hijacking## Author: nu11secur1ty## Date: 01/28/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/interactive-floor-plan-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected ## Description:The value of the action
January 13th, 2024 | 🕒
iSpeech # Exploit Title: PHPJabbers Shared Asset Booking System v1.0 -Multiple Stored XSS# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover
January 13th, 2024 | 🕒
iSpeech.org # Exploit Title: PHPJabbers Cleaning Business Software v1.0 - MultipleStored XSS# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by:
January 13th, 2024 | 🕒
https://www.ispeech.org/text.to.speech # Exploit Title: PHPJabbers Cinema Booking System v1.0 - Reflected Cross-Site Scripting# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover
January 12th, 2024 | 🕒
french text to speech # Exploit Title: PHPJabbers Event Ticketing System v1.0 - Multiple HTML Injection# Date: 19/12/2023# Exploit Author:
Gloss