Skip to main content

CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

CVE-2021-3441
Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

Obsrva Proof of Concepts

Obsrva develops proof of concept exploits for discovered vulnerabilities and publishes them on the exploit database (exploit-db.com). PoC’s can also be found on GitHub where PR’s are welcome for the community to collaborate.

Latest PoC's

Each proof of concept includes an embedded link to a GitHub Gist exploit

Connect on Twitter

Tweets by Obsrva_

Obsrva Proof of Concepts

Latest PoC's

CVE-2021-3441 Proof of Concept Exploit

AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)

PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)

PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection

Connect on Twitter