Raxis Discovered Vulnerabilities

Raxis original discovered vulnerabilities that were identified during real engagement work, validated with the vendor, and assigned a CVE identifier through MITRE.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

Articles Categorized as Raxis Discovered Vulnerabilities

  • CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
    CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
    Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.
    Read More
  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.
    Read More
  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.
    Read More
  • JavaScript Execution to Display User's Cookie in an Alert Box
    ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)
    Raxis’ Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this time in the Applications Manager product (CVE-2021-31813).
    Read More
  • Unescaped JavaScript Tags
    ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)
    Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).
    Read More
  • Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
    Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
    Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage Engine AD Self Service Plus (CVE-2021-27956). Find out more here.
    Read More