CVE-2021-24419

The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyteytapikey and lytenotification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WP YouTube Lyte WordPress plugin version prior ...

Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms

✍️ Description The function mtrand is used to generate verification keys, API keys both read & write, and even hash salts, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this functio...

Elastic: [Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>`

Dear Team, I have found a stored XSS when create a document via API-based engine. The XSS payload stored in url field. To understand about document schema for API-based engine, please go to https://swiftype.com/documentation/site-search/guides/schema-designapi-based After indexed a document with...

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug CVE-2021-3044 is an...

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

✍️ Description The user/reset-api-key/endpoint does not have a CSRF protection. This could be exploited by an attacker to change the API key without the admin not actually requesting for a change. 🕵️‍♂️ Proof of Concept For the following attack to work, the admin victim must be logged into their...

Semrush: API key (api.semrush.com) leak in JS-file

The researcher found a javascript file with an API token that allowed to get internal statistics. When you access a page not found on the application, the source code of the page contains a portion of code that list a lot of javascript files. Some of these javascript files correspond to the Semru...

GetSimple CMS 3.3.4 - Information Disclosure Exploit

Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...

GetSimple CMS 3.3.4 - Information Disclosure

Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Date 01.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...

CommScope Ruckus IoT Controller 信任管理问题漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in...

Reservation System Fixes Easy-to-Exploit XSS Bug

An easy-to-exploit bug impacting the WordPress plugin ReDi Restaurant Reservation allows unauthenticated attackers to pilfer reservation data and customer personal identifiable information by simply submitting a malicious snippet of JavaScript code into the reservation comment field. The bug...

Improper Access Control in openwhyd/openwhyd

✍️ Description Youtube API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit following link to verify anyone can access the api key:...

Improper Access Control in bramp/myip

✍️ Description Google Maps API key is enabled without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. If Google Maps is not used in your project, then all the following APIs should...

CVE-2020-35580

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBl...

CVE-2020-35580

Summary: CVE-2020-35580 is a local file inclusion vulnerability in the SearchBlox FileServlet (versions before 9.2.2). The issue allows remote, unauthenticated attackers to read arbitrary files from the OS (via /searchblox/servlet/FileServlet?col=url=) and may expose the SearchBlox configuration ...

CVE-2020-35580

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBl...

Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues PoC Adds the following payloads in the API Key settings /wp-admin/options-general.php?page=aocritcss " -- PoC 1...

Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues Adds the following payloads in the API Key settings /wp-admin/options-general.php?page=aocritcss "alert/XSS/ --...

CVE-2021-29245

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...

CVE-2021-29245

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...