FuelCMS 1.4.4 XSS

by Vince
in Blog

Disclosure date:  08/17/19

CVE-2019-15228

FuelCMS 1.4.4 and possibly earlier versions are affected by a Cross-Site Scripting (XSS) vulnerability in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. The vulnerability can be exploited with an authenticated account, but it can also impact unauthenticated visitors.

Flightpath 4.8.3 XSS

by Vince
in Blog

Disclosure date:  08/16/19

CVE-2019-15227

Flightpath 4.8.3 and possibly earlier versions are affected by numerous Cross-Site Scripting (XSS) vulnerabilities in the "Content", "Edit urgent message", and "Users" sections of the Admin Console. This could lead to cookie stealing and other malicious actions. The vulnerabilities can be exploited with an authenticated account, but they can also impact unauthenticated visitors.

Covenant C2

by Vince
in Blog

The description states:  "Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers."

I wanted to like this, and perhaps there's much to like, but when I'm looking at these types of frameworks, I'm interested in how it can help me. There's definitely a red team / blue team component to this and maybe that's where this excels, but that's of little interest to me.

This is the first time I've run a dot net application on Linux, so that was kind of cool. And in general, it's a cool tool, but I don't see how it will aid me.