CVEs

A list of my current public CVE’s can be seen below. If a write up exists, it will be linked with the ID:

• CVE-2020-28149 - myDBR - CSRF Token injection to XSS

• CVE-2020-26889 - FileVista - Stored XSS in SVG

• CVE-2020-26888 - FileVista - Cookie injection to XSS

• CVE-2020-24985 - Quadbase v7u9 - RFI to reflected XSS

• CVE-2020-24984 - Quadbase v7u9 - CSRF to unsafe file Upload

• CVE-2020-24983 - Quadbase v7u9 - XSS via CSRF (Dashboard builder)

• CVE-2020-24982 - Quadbase v7u9 - Account takeover via CSRF (email change)

• TODO - Quadbase v7u8 - Directory Traversal in Upload (filename)

• TODO - Quadbase v7u8 - Unsafe File Upload