Meet the Author

Chris Davis Senior Security Consultant

Chris Davis is a Senior Security Consultant at Bishop Fox. His areas of expertise are application penetration testing (static and dynamic) and external network penetration testing.

Chris actively conducts independent security research and has been credited with the discovery of 40 CVEs (including CVE-2019-7551 and CVE-2018-17150) on enterprise-level, highly distributed software. The vulnerabilities he identified included remote code execution and cross-site scripting (XSS).

Chris completed the Cybersecurity Training Program at SecureSet Academy in addition to coursework at Metropolitan State University of Denver.

Security Research:

LEXSS: Bypassing Lexical Parsing Security Controls

CVEs Discovered:

  1. CVE-2018-17150
  2. CVE-2018-17151
  3. CVE-2018-17152
  4. CVE-2019-7551
  5. CVE-2019-8371
  6. CVE-2019-8368
  7. CVE-2019-15936
  8. CVE-2019-16246
  9. CVE-2019-15930
  10. CVE-2019-15931
  11. CVE-2019-15932
  12. CVE-2019-15933
  13. CVE-2019-15935
  14. CVE-2019-15934
  15. CVE-2020-11436
  16. CVE-2019-17428
  17. CVE-2019-19632
  18. CVE-2019-19631
  19. CVE-2020-9437
  20. CVE-2020-11438
  21. CVE-2020-11439
  22. CVE-2020-11437
  23. CVE-2020-12648
  24. CVE-2020-15950
  25. CVE-2020-15951
  26. CVE-2020-15952
  27. CVE-2020-16257
  28. CVE-2020-16256
  29. CVE-2020-16261
  30. CVE-2020-16262
  31. CVE-2020-16263
  32. CVE-2020-16260
  33. CVE-2020-16258
  34. CVE-2020-16259
  35. CVE-2020-15949
  36. CVE-2020-27637
  37. CVE-2021-26990
  38. CVE-2021-26991
  39. CVE-2021-26992
  40. CVE-2021-28114

Chris Davis

Posts from Chris Davis

Jun 22, 2021

LEXSS: Bypassing Lexical Parsing Security Controls

Jun 02, 2021

Froala Editor, Version 3.2.6 Advisory

Jan 11, 2021

CRAN Version 4.0.2 Advisory

Nov 04, 2020

Security Advisory: Immuta Version 2.8.2

Oct 27, 2020

Winston Privacy Version 1.5.4

Aug 12, 2020

TinyMCE, Version 5.2.1 Advisory

Jul 14, 2020

LibreHealth Version 2.0.0

Jun 19, 2020

SecureAuth Version 9.3

Dec 30, 2019

Big Monitoring Fabric Application

Dec 09, 2019

Solismed Version 3.3SP1

Sep 11, 2019

OpenEMR 5.0.1(6) - Technical Advisory Release

Sep 10, 2019

OpenEMR 5.0.1(6) - RCE and XSS

Jul 24, 2019

InterSystems Cache 2017.2.2.865.0 and 2018.1.2 Multiple Vulnerabilities

Mar 08, 2019

Cantemo Portal Version 3.8.4 - Cross-Site Scripting

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.