CVE-2022-39051 Perl Code execution in Template Toolkit

Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package...

Upserve : Blind stored xss in demo form

Through Upserve's demo request form, @pareshparmar found a blind XSS in a 3rd party package for Upserve's CRM system. While the CRM system and 3rd party package are out of scope for our program, we decided to reward @pareshparmar for his work in bringing this issue to our attention. - Endpoint...