Exploit Title: SnipCommand 0.1.0 - Persistent Cross-Site Scripting
EDB-ID: 49829
CVE: N/A
Author: TAURUSOMAR
Type: WEBAPPS
Platform: MULTIPLE
Date: 2021-05-05
Vulnerable App: SnipCommand
Vendor Homepage: https://github.com/gurayyarar/SnipCommand
Version: 0.1.0
Tested on: Windows, Linux, MacOS

Software Description:
Open source command snippets manager for organizing and fast copying. It helps you create, organize and store your commands (Excel formulas, SQL queries, terminal commands, etc.) with dynamic parameters for quick copying. Describe your commands with dynamic parameters; it also supports documentation for your snippets. You can select or specify your dynamic values using a selectbox/inputbox, ready to paste into the workspace. You can organize with tags.

Payload: exec(Attacker Reverse netcat stolen -> /etc/passwd) && exec(calc)

CVSS: 3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Risk: High (8.8)